e06745eaa644f5756b2c18aab965ca5549071c243afbc3d871a834d0e99c9c5c

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 01:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7fdb854ae187147c1aa0b458270fa0d_JaffaCakes118.html
Size

32KB
MD5

c7fdb854ae187147c1aa0b458270fa0d
SHA1

de494c7de248d3832abdc18409e5f4d16a4fc7cb
SHA256

e06745eaa644f5756b2c18aab965ca5549071c243afbc3d871a834d0e99c9c5c
SHA512

fa5834cba04dce0dded4199ea51e521c79573d33ececc4cb6a0b6d9e40eac332864bfc1b559f149b8c7b6708239b6ca27a4086a1c4fb5c4f3d37d6b22040972f
SSDEEP

768:SBtQXC4jet+xIsf0kZk8c0FCiZdXiEuoDGsHmXFzdxXi1A:SBtP4jetbs0ilZARP3dPXi1A

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
3560	msedge.exe
3560	msedge.exe
2432	identity_helper.exe
2432	identity_helper.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 3504	3560	msedge.exe	86
PID 3560 wrote to memory of 3504	3560	msedge.exe	86
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 2200	3560	msedge.exe	87
PID 3560 wrote to memory of 1060	3560	msedge.exe	88
PID 3560 wrote to memory of 1060	3560	msedge.exe	88
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89
PID 3560 wrote to memory of 3696	3560	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7fdb854ae187147c1aa0b458270fa0d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6498658212699723846,14146419980123536070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4214fe16-d1d3-424f-b41e-9d13e3b9d067.tmp

Filesize
10KB

MD5
07f7778b6dbded99b3800dddb227ed98

SHA1
430fb8a43e33dd52e926617e4d6d958fdc686fba

SHA256
4cc41113a1fa4582ad3e04b0c6ac8728f7813cf211292bd9debbfd2d155e9d18

SHA512
7b5fc12b8ab1356ce1a66f314ae2c55b20875b8422cc7aa923c90a88f59250bb45727b5563c3cadd6da2ba8c26142c11cad759ca629757ef334d03d7031d9f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dfca8d3a244b6b63adc31db90ea6ee1c

SHA1
79305b8dee127ab79fe2479f8a5d6c3119ed53c8

SHA256
4d9f0d39e13ca9f636b0dd0472728046182e8a8b032087bc66e789ccf5e7f292

SHA512
31beb15cb76b558d4ad41fcd999323d29749450c2d37b84da3bcdd7ad037e328782f2c3368b28e9b4e972f0f3b2e53a46a83f36dbb0d379a26a3940840c28235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b7d43bdf3e4533f4949d0903254144f

SHA1
d93e78868bab65bf5c5b134a81a97a2ebada2f14

SHA256
3036bbe45d3af6e0e1bb56522e0a921bd96b04e17e3a81dbfefe5ec82edfa50b

SHA512
8af85b030b673372e683ac8bd23aea86db3855ff43175a1c1af9c5a0dd32f110048868da9fb7d0172fe0480b27125e9815f3c401ed69326c864b3a56f190dea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6537368fb2acec859f4595a68f2b63c5

SHA1
13bc178689906eadd5faffb1f6f22f1c1533e0ba

SHA256
0e517cb9c4151744507e252fc9992e060b308b172b2ca0e8c190adf459c79362

SHA512
2aa4732d652897ce02089b47da223871dbebf9e21f6dc5fc4c7434d4c3c7d28674b6e9f45c31da43ebdfe8a9fb52651920bbc60a800ef8df0bb22ea5d6767f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit