2c41effb539374b40cd6f2079339268083ca59bda172e9443591759add507304

Analysis

max time kernel
136s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdf1c7899c062bf59a04cc5e3ed9f5ad_JaffaCakes118.html
Size

9KB
MD5

cdf1c7899c062bf59a04cc5e3ed9f5ad
SHA1

14de1c9d4f16cc4235bb6aab99ed4e026048715d
SHA256

2c41effb539374b40cd6f2079339268083ca59bda172e9443591759add507304
SHA512

010418923fe4b34cc9f85d09308f63fb4b3135b91dc7351e730c7cee81c05ecea82a20fa6ebf4bd4e6ceb141b313738aab2d325e579864cfd640852aacb03dfd
SSDEEP

192:i7mtI1KABsaGqf0KLqM/oEchMHYVRLe23KVoB4iVe0RQHqWID:jz8sTKLq6mm4br3wHi4iWS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
804	msedge.exe
804	msedge.exe
5052	msedge.exe
5052	msedge.exe
2360	identity_helper.exe
2360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3916	5052	msedge.exe	84
PID 5052 wrote to memory of 3916	5052	msedge.exe	84
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 1628	5052	msedge.exe	85
PID 5052 wrote to memory of 804	5052	msedge.exe	86
PID 5052 wrote to memory of 804	5052	msedge.exe	86
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87
PID 5052 wrote to memory of 4072	5052	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cdf1c7899c062bf59a04cc5e3ed9f5ad_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14768424915432568817,7248710588211079828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
0a4a1f4a31e8c2c1ab4dc326e977cacd

SHA1
0d844c067a5e602f4e159b41b2628f735006ce6d

SHA256
5d9cfb485f42458fe326ee5b6ab16955d1f5e9fec6ab4374a60545354acf5327

SHA512
3cdf3f04657e9703a74146808b78d15d7d6af2f62f2a1e17cb056fd4750b083c541f6e63a8629cb0e5c733ec69301199dec52f14644b3c15e56b0d8138bc39d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c9fb7e57218af296cc683011c07e3db

SHA1
b2b4626c55ec706101ac35012c7224f218ec06b1

SHA256
2ef539828aa86e3686e16be518abb908d7917508b8f70060b81abdfceefd36e3

SHA512
42f85bf986a0b8ba7370863eeec745097c01b93bbdca8ce2519e2a1fb2f68be285ad2cbeb4eaa477793d9e4415da573d6488612af94ffceb7aadb2d7752e7858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9f38f3457b4f612ef3025dd8f7fe916

SHA1
17cc03e82a373387cf013116349bfec9eedd0469

SHA256
09d84e8be5fa13c768cf40663b6b3f618a274c88a693ea92d6101d682e811895

SHA512
45992d1bee7c20c53c2a7d1b3fba69da06fb68d4ea18a3526b1f86263234c4832bf29fa82b34c014399616ccc77c3eac7d53f9c91ce1823c55535fb373e48b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5712714cda5b7a8764f760f9140a6f59

SHA1
522d401ffafd61f3927c8f48f565e644588abc06

SHA256
3a906b58c9bb87febf5b9ce43262460e7a0e281ec7f1c88fe1c32a64764828f7

SHA512
f62f9cfcf39f05f0f5012bddfe42f5b228b8d1509019493f3b5e693ec8209e74f717e36069326b52662c7baa025c8ca8d93e7be2f5171eb7a867a6d3f847c8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
282553f96871724d3ac6c03add025c82

SHA1
ad5613973bf8f36c4a9539327e2936fa74d3e67c

SHA256
f2796d3689d3b1ececba817bcdf69329c6e629bc3b85c05106a9f94340f2b50c

SHA512
df2f46dde86657fc81fd08bf9cd391e96f87af376fdaf2507512f26b11dff8be1c3580a3eea6bb92cb4b64c892bc0b99c908bdea9ae7a89429a9f67dbde2253f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db7778db7439563121552508b1fed95f

SHA1
74312e073febbb1cfb2d200afc823d1fec6a1482

SHA256
edd6bf5855ce85321c2b325cefd24652bade54f5079bc3a1b7aa762c57843407

SHA512
32f7a06a3fefca970c8145e9ac6b7f118213675319009ca0142956a3a005b2234f7203ec534ae732948d376e0629b7076688920a2b5cbbbc4e567cdd2807f63f

Download Submit