ea7cab97c8d19516dddd7eb52cb3622db9f22228a831e2201414c3a194f07289

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c92d6bd6b8d7a0ba241e68c8eb3d517e_JaffaCakes118.html
Size

124KB
MD5

c92d6bd6b8d7a0ba241e68c8eb3d517e
SHA1

29773a76a396d676f2c220022ad53551e89ea3d3
SHA256

ea7cab97c8d19516dddd7eb52cb3622db9f22228a831e2201414c3a194f07289
SHA512

66117223d7c7b3fd7e0626e485f35662f7c65c364b639366889a51a714e4704186e8b4718b68cc256d0dda3f7224d9b0f0c2d4be1f4d8a9182c64be0057ab792
SSDEEP

1536:ST4U13qcIcnXIA+lBv5U5LyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:S5+lBOyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
4840	msedge.exe
4840	msedge.exe
2528	identity_helper.exe
2528	identity_helper.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2308	4840	msedge.exe	84
PID 4840 wrote to memory of 2308	4840	msedge.exe	84
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 4044	4840	msedge.exe	85
PID 4840 wrote to memory of 1888	4840	msedge.exe	86
PID 4840 wrote to memory of 1888	4840	msedge.exe	86
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87
PID 4840 wrote to memory of 2064	4840	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c92d6bd6b8d7a0ba241e68c8eb3d517e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9568446f8,0x7ff956844708,0x7ff956844718
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1089341165099404047,5577446093227903407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
8b3440f58ad2ea9a43d6c56965f40dd1

SHA1
f0ea0e2908d30beb6ef6923597f5213a7c4e0c8b

SHA256
1df2c6e107d6bce8d45c41733ea5baeef29d36e1f4490bf345c5534d779e58e5

SHA512
4bee09c1aebe5384370f48d55043761f040ac82e2c02055400fd291c6ad77917a06d6fd5fc44c1a7d1b770f91ad4da8ad05151fde9dbb288efe2474282a7b770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13f52090168aa3175a922b3a1b6336d4

SHA1
9eef16858fa8860b98992bc05d90210c8f8e8293

SHA256
f4791b3f6490111f647a61934347d6f32b40c1aec78b695265293ad58e42bb8e

SHA512
b08b11523e544b8aa95bee9c24874faee535683f7f7e8fc1d354b02fc887881668e7422c855102a6b1ac8bddd001c6e4c3d2392eb5fc016ae2ada6d637fff6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ee19ec2bc37b5009d222cca6abcb921

SHA1
dede9f0d4b5870d73273e0886dc3f39842fc2a2d

SHA256
a8718be4be37bd51fa1e7413fdfa85a50e699bb27ce182937e83ee978d66c812

SHA512
77cf174f5461be6b8c16434c43d9f1ceb9e8477d916089722e64c0a1c0619ff330ff4955f4127274fdc824a3d40949afbe517469c81b872204d6e5a7038586d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f45d71180b3e551901bbf6ba589f1f64

SHA1
ebd118053398805e2c1953d74d7ce4d913ceb218

SHA256
4361a2fd52e40e1e53249e2bee6216514ad930f0208927e3461939a51c0765d4

SHA512
7a2d83d0b5d91b19af4b8a3adf581b04a4ae2120f3030cb997a2ece2ecdbcbe997c9b9143cba06a89f148c01bc1c2b7bee499cf24c321e8afe52966bd2664437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efd7bfbdd0a4df1506e6c99702c0c94e

SHA1
30bdae46b339efeebec253c880dbee71c8403d2d

SHA256
5423fcdacd1695fd0758616e66c4aeea1d18e6ef024bff71794464029b5420a1

SHA512
341aa76d5f59d257e29a04653ce71f37d1bf5439b00968913a46693925a62eeb7d5379e6200800bc994432ee5889035eaed87cd3998e22055915fa55aee6583f

Download Submit