a992c833f1e7d3606e86402951fcd9ac2ead2cddfff8e75cd074e18b2b450f00

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 23:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce30d16b8123d5b0a3b9c6b64a6f9376_JaffaCakes118.html
Size

131KB
MD5

ce30d16b8123d5b0a3b9c6b64a6f9376
SHA1

849bbd8cb0062a7b02a7a26de07b88f8c95d94c1
SHA256

a992c833f1e7d3606e86402951fcd9ac2ead2cddfff8e75cd074e18b2b450f00
SHA512

a60eaa5a2ce96ec05381ef20f9ca024e0ac636ca27b38ee7fcef2e6b3fa0cbd4e5d2a46fb06643848624bf5bae57d3e806fd8831bbf43146b22fbe8c50e839bc
SSDEEP

3072:v0aMdSPL1scP25g2yH3lWOW1ol0VjchQLyQLgoEg2Xg2q:vFPLdP25g2yH38OW1ol0VjgQLyQLgoE2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
460	msedge.exe
460	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 1864	460	msedge.exe	83
PID 460 wrote to memory of 1864	460	msedge.exe	83
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 4232	460	msedge.exe	84
PID 460 wrote to memory of 1668	460	msedge.exe	85
PID 460 wrote to memory of 1668	460	msedge.exe	85
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86
PID 460 wrote to memory of 4560	460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce30d16b8123d5b0a3b9c6b64a6f9376_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb3846f8,0x7ff8eb384708,0x7ff8eb384718
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16705919500988889833,12010770208618654813,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1d9834c3-7762-420a-87cd-b7c5e742a5d2.tmp

Filesize
6KB

MD5
9940b9591e2754f5850b08faa014ccf0

SHA1
b3436f30cd834a14be33cb168aba577c13bc1356

SHA256
7673bd2bcf074da296298b06a36c4b88bba91b7b487b511133f1c483d99dacb3

SHA512
94dc7b2bb0b5260c1f37d378dc8de83cb8ee12a82a51db964ee4ae9a0faf7ec405aca94c068495f6ff089993961a4095301a0dd4445a3c86f50350bfaabff19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
742B

MD5
c8ed6c77412be1bd831dc427211fbbec

SHA1
17351899af5786c5a7497b11536ba8fa8d8cc184

SHA256
67a66f183b6b25e78fe1f9d35974261b495f38dc36c4cadbe914221debcf3f7f

SHA512
ffac2fe218e4328d59c079e6f5acecc8319624e812462f976c3803b2b1790458e3648633db4e62c71f813b01ea04f19a2e6618373dd7ba45a7f0f3ba81e66bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7933c65b6834ac91a22c392192bb8c50

SHA1
16336a7b091824e0128e1b47ed4bbf41aee35c17

SHA256
2f4561d342fcc0966f0e02caba0e50f99b0d40c8b1e525c2d939c25c187dd256

SHA512
e699a3f63f5b056fc6d798f0b9452fbc3c70505da50380592aba512abfdbb9e3c6306255a0a23bd715c7e6dd93a1f906b38ca8ebf85007de8c5926709ff0939a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8d715857b69b9c857f923d397a5f85f

SHA1
f2092a4bc5aeee50a657850c0fb92fb302c809d1

SHA256
9dcec0e9390157e33716c07fadf82404f425385c26af016981e886110eb5a322

SHA512
90c49ad8379cbd7e2f8614c9a4f1bb6c619630ef4e9bed327bb273e373f599e40504095b8804e4cb8088b3594ca72c647bbc84057ed2c868b53cb568a0e83534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf0b5a9207a1deacc9753a18cf724d1b

SHA1
03281ef545f33f837c169efd58b8e3c0b27d2978

SHA256
afa994d68a5ed3d09ca7af076703bbbf03e546108271576a84d48ed81b01c210

SHA512
967d6a514f2396232a1d8676dc7010df521cfdfeb7d3e5d299685d704da2c3ead5b28bee5ac5ece26f2cca62c1b2032978162cede8142284802639517fdaa5fa

Download Submit