9dee1dabce3bab0399f60daa4d5bade2a67db866a400418ab01fd56d262678b3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 23:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d0a55c6727a1ccebb269895ab517cb85_JaffaCakes118.html
Size

4KB
MD5

d0a55c6727a1ccebb269895ab517cb85
SHA1

ea9b22cfd8f7d14b8a2e2d5c88d996b1d3469da1
SHA256

9dee1dabce3bab0399f60daa4d5bade2a67db866a400418ab01fd56d262678b3
SHA512

596f7dac9b29424c933a56674387c712b3481de6ede5e65783f48f97bacfcdfbf5b27ef481853b099a3e3a43fc61353276bc4917e573b945a35263c515241027
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8okVDl6sz:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
788	msedge.exe
788	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe
788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 788 wrote to memory of 5072	788	msedge.exe	83
PID 788 wrote to memory of 5072	788	msedge.exe	83
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 5084	788	msedge.exe	84
PID 788 wrote to memory of 4308	788	msedge.exe	85
PID 788 wrote to memory of 4308	788	msedge.exe	85
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86
PID 788 wrote to memory of 1340	788	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0a55c6727a1ccebb269895ab517cb85_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1645439035924407230,3539065593460426760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
aeee92a61d8bd613570362ffd1a39e4e

SHA1
2d8235a51f1682ed4f666ab14edbf2cb43b2ee51

SHA256
4859765d293c6c298d70c374475cfa364d65d79c9ad3577ade66e190eb239a85

SHA512
d97913ee7756d61bdf8cf4e8cfcb0311ae82f68d2658ca9adfbcaf17d78c95c99cc6ed04c51d0224019f49ab9599310f488bcf2b338bc708cf8841d062fa4243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f4c915968e1163a26609b63110226c6

SHA1
72b0ef6d62912a1f65c5b39483257442a6b2ea89

SHA256
b69d7da3c6b9de82ae00e11f68ab9e1f4392282000178d3dcd538ed086d52c98

SHA512
18fe21dea1b95183037262ed1ab95af6b711984ef4b84d77ce408ec16865cd3d6cf0b8a6aca23d9ea3e34e968c87d203e1767f839965b971e2ca3eee95e4f0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d8a588918e448aab02d05c3089ce1fa

SHA1
684d694e7a285543a13a9966f74c99063a7bd435

SHA256
8d32e647cba0d0c7f39301cfbb6e4d405af3d9d64b392fd137694df0aa589745

SHA512
510debf47a99dc5936c116eed6ec1b6be41c70816299e0d9b9121b9802e977d55b6eb98f73c6dce8ab89e4c5639871be343f450b495c929f8d8bc1a50501a15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd3556f81809cbf3b8ccf8d7cbbd831d

SHA1
36025fd67291d834fb4e569e688d97b79149bdda

SHA256
14cde427c502fb5b5952b97415b0fb6147319f9b3ed84e7f4db6b83451cd4e24

SHA512
ff7b75d5e4997d53d956456396988e67ab9adca99111b4ec3a08de7239f0b9a720cb34f67e69e8a42f48b3bd2cfb5307ad9e84ce42dd3764e51c30ea47993aa7

Download Submit