8603ed3146fbc3144a8ef11d76a611cf259148f3306ad093c9a7c148f4b5010a

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c98d7e3935f39414a063e1da00e0d241_JaffaCakes118.html
Size

58KB
MD5

c98d7e3935f39414a063e1da00e0d241
SHA1

9990098b974ff0a91a07dd9a4ff47991a8f6289a
SHA256

8603ed3146fbc3144a8ef11d76a611cf259148f3306ad093c9a7c148f4b5010a
SHA512

76c145a0b8c308de9ebe056ce63d8e6cf214915bd0e8fc5fcbd6f10c397fdaa81ca2b0d7230c03bd656805f02d04976c670f7565b0ad28c5c57c3b2845676a8a
SSDEEP

1536:RFSk4hMZtwmHtDbHv7om0aPAcD1PFHMS3fXxMwOa1tZ:RFkhMZtwmHtDbHT/TPAcD1Bl3fXhOa1P

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
3296	msedge.exe
3296	msedge.exe
4176	identity_helper.exe
4176	identity_helper.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 1584	3296	msedge.exe	84
PID 3296 wrote to memory of 1584	3296	msedge.exe	84
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 1336	3296	msedge.exe	85
PID 3296 wrote to memory of 4824	3296	msedge.exe	86
PID 3296 wrote to memory of 4824	3296	msedge.exe	86
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87
PID 3296 wrote to memory of 3596	3296	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c98d7e3935f39414a063e1da00e0d241_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b8e46f8,0x7ffc0b8e4708,0x7ffc0b8e4718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4438496799384097349,9586397696457874586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d29dcaea756634a750268e4e74f42462

SHA1
6ac6ff45487f7b5cb8390f614ada27b78b38e27e

SHA256
474c9d71889d3250a1bae1e1e0457588a3373c4e91f69c23c43483c2c1c9d47d

SHA512
c94b4cc1a3b5bc0e0dee6c925ddca806e9c84e63d3f7c6443aa2df0a935175127785855516d5596d24537344720800695965aa8d7afd642aa268e7e783d984e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9467c2177aedb1c5a6191d5bb399aa62

SHA1
e10e2b1bcfaec4ce7aa4f18210cdf162e05f4a28

SHA256
c129e5acebcc6c7b79d1566f8cf11e9db815e9d3cf74f8c54af1ad6cc9294716

SHA512
d5efd65b89a74cea6aa0ab7f2cc52980b6bf94af6f1ddd75caccd9236095378f29551162fc7662ef87c24eed9b897be8535c40cb013582117ebed30a66f8f95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3eff861198d5bef996472b56813626e

SHA1
5769aa9d2c69eac3c14ee9fbe1e20e15db400ded

SHA256
18165644753ea4e7ad85ceca26e6815e7f515f08fe55bb90d289d21ca0865709

SHA512
85770383bd89d3184c77f96cb91060acbdf7a7cc537d7aabbdcf4b627ee65f6a1979604b89fbdfe72893315f54d1a004ae32163a3c55479e13b88ba42be1c76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00af45358c6861024a3db8d517ef3860

SHA1
62b3695e332deab21ccb66e7bc44ec6184d1aca5

SHA256
80eecf6ab466cd0af217a9d78bd311cbd946d9e7c3c1e8264f76fdefb9572c24

SHA512
e24a17d663fe3b9a5905736dea537abaa56189f41a68b8872050f4153a75c9e0f123a3d8957be18feec905639e2bdee24677899e6e6ff40bd49f5b572a15884b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f8f8e744a54325277184030d59ed02

SHA1
c78cfb6aa4c568c2f55f21d08bbebd9ed696603f

SHA256
b36251a575f13a0595db040fe79930ae193c41b4422589730b8ae8a87db174af

SHA512
7a1f2b9e039e3d0d0cbc83e39d32fdfd93800eea760f78f4e146d07567a974cbe90d16911e524129aa35e2ea5d468d6ec441a1cbcd932e7e5beb25798c831302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b88ffa7be2b5bac117aa3b0d63c5b4c

SHA1
8b5e637f1ce0dd31ee9d942612254917d0534154

SHA256
ffbcc8250ec6cfcb8d32adbbbea2db350136044f85ebcdd6cd3992a5af1a578e

SHA512
6446d3e24c64221449f5468f44618011808566d003d8d3f01b8ac1b459a20b01481ff054d0f6de82cec9412af01e5482948855c437f8dbb224e6c540416963f1

Download Submit