b9f895cdb0fd599426d8b0dcbd9a2bb5827f1ace16692d38957f8546508e04ad

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c859d8472b4c0d0c7a6767772cf5a63a_JaffaCakes118.html
Size

350KB
MD5

c859d8472b4c0d0c7a6767772cf5a63a
SHA1

73b74073b8476b987b7524acf626b35cb46f86e2
SHA256

b9f895cdb0fd599426d8b0dcbd9a2bb5827f1ace16692d38957f8546508e04ad
SHA512

332de6b1d46518cee433cd6068a9617b6fe7689462bf1b0aac42cae397c8ba3e60b0957e8450868b63f51f904782f59f420feb5d44fc2fc26419269befffba83
SSDEEP

3072:8amNbqLljT4oxZwHN5q23dgoRGoU78lHw5zzVltBsi2P7bfTL:8am7LHN5D3dgoRGoUsHbPf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
2116	msedge.exe
2116	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 8	2116	msedge.exe	87
PID 2116 wrote to memory of 8	2116	msedge.exe	87
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 4200	2116	msedge.exe	88
PID 2116 wrote to memory of 436	2116	msedge.exe	89
PID 2116 wrote to memory of 436	2116	msedge.exe	89
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90
PID 2116 wrote to memory of 4812	2116	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c859d8472b4c0d0c7a6767772cf5a63a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11952080929898641820,6523669746815026848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709c6f4a32b317f6487b598788b6353d

SHA1
50f44d43be9630018f0bd2acb1528df07cd05b7f

SHA256
353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b

SHA512
4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebc024cdb324eb41f33c6ec63d1458d

SHA1
f623e96981ee63c1b6879f682c4364fd5c2265e5

SHA256
23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

SHA512
6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d9533a7b1ec6938730f52b7c2155834

SHA1
8b0fe74ab7c308197be06780be8b43d4c1ee974a

SHA256
9583a4bb6788485259167f1e8447bdddb0548557efe9d722ed9db13dfa03bf7e

SHA512
e73330ed30b03419cacc2808a8b8d45d6b816eedfa9a6bf0d282e19f8a5fcd40549c9a6ce4fbd8a968254e46d737432ca93d96e8ee717990658a33dac8feb9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
877933ccd4b4b07e9dff46528eed5ce2

SHA1
3ab6fa61ede1d3c2f543abc5ab06cc7cebad9a41

SHA256
0ff257633d5f2bfd458a75c485ac572da2fde5efed81695519724e5d86af17c2

SHA512
a173cc6947a63b4811ac6c20aeeb7ef3af319934da37eeaf91c045f5cf9432e9081b28c809eeba8d821178c57015da8f2f49afc34c4830d32ee7cc147b6be7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9e5c69c17e8482bbae126d07f3f2de0

SHA1
6247f0876c62791478e2c74ef01168abe8f71e68

SHA256
f2a606245c7c7bc64c1f5a7248cd4bca8f5791f01bdbcc2ee934c817cac24690

SHA512
8ab9bc08871c6876f416c3abdf8c67e8885a31843f56ff7f4d6a3a7d7afb0d65a3778081a6d5f6ab6f5adc4d5f3230f761925de60f5f83de4da00800a7f4a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2782e0dacc75ccb65532b157c6316c5

SHA1
28a263035242ff3146a1f9ebee6765dd40f2a7f6

SHA256
90ac4e290eb4c21d38432ab22cd87df746d3d41a557b2fef39797ff2bb506ca9

SHA512
b9dc5813a91dba13707b3146260fff9b80a7676e1c6b3011880c7b30bf0ad2214088717ddd343cabd8994f3002f9aa9b6b24a31346fec6707fde87403809fc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
494a861dfe3fb61b7f6e9a8e1f92d179

SHA1
903db9c91a888cdd2a359e921ea2c1a958228aa9

SHA256
46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

SHA512
f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca00a4d59ce5337571dde9674278dec1

SHA1
5d35d6d5b0f011d6fc242c1804f939da8d0c8f7a

SHA256
e3302e4e7942ed991ac4e318844f50676fca1f5e66b853dfb882d06f1fc1de58

SHA512
40744669e37078c979a673c54c5d374a9309ab6603fc3ff69ab18cf4c17431c59b424f14e8d8538fc9a2fd9028ac7f031157b749c2b18d70292afaf1b41ddbc0

Download Submit