4bea74de685d06dd1e3ef26a196095446e89e6626a4b1f629564442fad40cb2b

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c90c54329e184f598b4d972d836cb50c_JaffaCakes118.html
Size

36KB
MD5

c90c54329e184f598b4d972d836cb50c
SHA1

4a36fd2c24922a9d8782cc62c209ab3fdee0af78
SHA256

4bea74de685d06dd1e3ef26a196095446e89e6626a4b1f629564442fad40cb2b
SHA512

2b4a1d6183fcb21253629a0cec75d8f3bf876b85f6217f77a476690908d18e9be25790a26e1e9c7f3023f0ea773cc8c48e5009b3cc673e131de654e0cc1b4e25
SSDEEP

768:zlCC+yfE+3T/euk/CoET0B/1RspvqN8/SslnRiTOQ0SuQ/JAS/SN9Wz1RQO:RCC+yfE+boHvRspvqNBslRiTOQ0SuQ/V

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
1560	msedge.exe
1560	msedge.exe
1292	identity_helper.exe
1292	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 3000	1560	msedge.exe	86
PID 1560 wrote to memory of 3000	1560	msedge.exe	86
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4668	1560	msedge.exe	87
PID 1560 wrote to memory of 4088	1560	msedge.exe	88
PID 1560 wrote to memory of 4088	1560	msedge.exe	88
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89
PID 1560 wrote to memory of 2716	1560	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c90c54329e184f598b4d972d836cb50c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff7d446f8,0x7ffff7d44708,0x7ffff7d44718
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10744870517929589011,9577465696461631186,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
914B

MD5
7758b89fdf659413df5d7b5c37f860d2

SHA1
269e0c868046ed43725914e49469e6ac4b4ae7e8

SHA256
4dee4b1cbcfec1440523b096a9b5bb5c9a54f1aaa2a71b04b81c88adabd3b3d8

SHA512
a5d8979b028ee21df545e7646b6000fb0ac0143af19c8d253b1dac4657d3575b5143d157485522d3e5024686abbd3568500024f33187001d0a98789146354dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3fdf7be960ce048d78e13b6b3decc992

SHA1
e9a70ce29af87bdb4bd9e69ddf2c97c5fba610ba

SHA256
251d65fda2aeceb667776289edde2c1f73ac534f650a7a99dcae61f05104adc3

SHA512
88f20d424a6cf1231fa5c31714c0a07ee0652c2633543341a8eb03b1c74f79b35a9d1da3ac3dcf634b3b93f6b21b1451d7badc9825452eea8d04792cbd9f83cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d46bc6434541559f68300f26201e83a1

SHA1
bd51a1011f74f3e35b12cc48449bd82e23c9d005

SHA256
3d902e5c90e366e0e2051624e36fab35cb248ed6712f8bb328b48b5132544355

SHA512
7702b549d2c57b2f46c9732d454b617ba07e416a4cdefcd5e016c2beccbd9726fa6010ec636fba983d9bb53d4813f50382bf32cf2ebc895a9b1b097d262b4511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75597afe12c396bd60093171241f333c

SHA1
0d5c3cd358d9ed2e5278c73cfcd154ceeca9d026

SHA256
3b4db49220ad7184033c8d4a23c32c7eadfe3450dfd849899954f41d9e09e577

SHA512
aab383477d881042e793aa1a7c275a760029fb1b4067c36ac2d36b168b6f290b5e494b40e3e58ab7e6e23bfdf493ccc9a4c97abf534774822840154e8bb5e874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4a1ba2ed7597d008de3493907c27346

SHA1
db7dfe825d6e6eb4f1db10df54ba664df6104a7a

SHA256
82b0034cdfe8a56ea4d7bd9df3ba10bf893914117cd87320aadab6fbe3045b22

SHA512
f94d9fcbca423039f88da4d701962f1bd3387d693fe38f46b5bf3f9dcf904542095b649807e6ed949d0945688c65e6ce05e470b3626f07b105d231f0bb02d47b

Download Submit