9b3e515b29e302c1ef2929ea1a2a8d46d63e3707986dc21aea523106d56c5138

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8fef847c547507fbfafe0f7f3dcd934_JaffaCakes118.html
Size

85KB
MD5

c8fef847c547507fbfafe0f7f3dcd934
SHA1

2b14df39ae0c42f75dffbe47dac7f0e8473f7745
SHA256

9b3e515b29e302c1ef2929ea1a2a8d46d63e3707986dc21aea523106d56c5138
SHA512

5cdf640974ecd608074f7376afe2f63a9a9893913fe1bc43a25c750743510ed4600ae4376e42551a28f00d58e320ae18d99aea91783cdf4377a7405109941c07
SSDEEP

1536:RCzDwhkgcx19G+M57rorbILLrrirLMkerPrYrHrCMlrVrFrNrJMCrlr2r1rf+D5h:R0DIcxznM5ESKDBo8gysMpi0NrV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
3560	msedge.exe
3560	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 2360	3560	msedge.exe	84
PID 3560 wrote to memory of 2360	3560	msedge.exe	84
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 3920	3560	msedge.exe	85
PID 3560 wrote to memory of 4520	3560	msedge.exe	86
PID 3560 wrote to memory of 4520	3560	msedge.exe	86
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87
PID 3560 wrote to memory of 1788	3560	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c8fef847c547507fbfafe0f7f3dcd934_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce08f46f8,0x7ffce08f4708,0x7ffce08f4718
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,16245454738345515918,17686248880641879264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
517B

MD5
2e54a78102321e8a432d92fdd0d915d5

SHA1
1de88fbf61ecd13af6d30162cdfe0802600467b5

SHA256
399014f07f29356e15994693ac0d8361676cd5104a5766dcd34d5bedc82729a2

SHA512
446e02f5aa46d544dccb7647a55e8f70369f6025ffef4d0a6e50ff8dbbe5772600c2973cb2b0bbe3b449d21b05b35c23f8809cb25dd1a89aceffcf1019f4ee6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bfaed851576b6b2b9529d89457114d0

SHA1
03cfdf3cdd9891551dfaafaa9dea3f24ff690048

SHA256
40dd23bcc4e9ace9f5f7c1de1ff42d91bef016352447066df573d06cafa38db4

SHA512
0b35d3d09c880d02d2c1f8b45afde904db3dd35784f22d58d3138d3e40bb850145861acb73e3b1d05ff4824cce50bddc43964d1c7d59fbcbdd8f06d6d82f30e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59bc2c5e3aa099b18138ed0fc79bfd0e

SHA1
f91e09147230306f4294b6bfde194498d97d59e0

SHA256
9328f2d8a07e5cf9b2cf5d2db8da6dfa933649c0f461e5b43568f5255fa22b13

SHA512
8e64812451023be3a50c35022abd01e9a558f24006843b949fce1a15cd3dcc38236c327aea3d3f74ceed7f6e94037f4fbc5299229e811843602c4671faa794c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e603d6145b8e0bf3695ff1a8fa2c1e3a

SHA1
3f32e2dcaaf8fe51a105561fbd1c11a50019a390

SHA256
03aabb950266c207864b247c635bef6aabe81021d006e9466a3ab6e20f28fe86

SHA512
e40fcad6635889eabad42b8228001da6f5ec3d5097569a8ec6d55876d57153759bd8020f08626d97faf85466ab8402db014f24a4d78cd040a0ef8dff29467fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6eb2ddfc60af91d5b8786960584ffb8b

SHA1
63806e0bcd24ee3ebc3dccf17239c4457dcf6664

SHA256
332cc5536e151da44badcaef4eba39da7385f9c4c5c2744da7fa360f2d191e54

SHA512
76ca360907f1cad23d47986d4411dcb2cc80cd0e1d08c9714cb3fa26f7dbdeb01af7f4081df7b604c8ca54229eeb7a223b0b91d0f9406d6124c76a7135fce4cb

Download Submit