d5f76c836f7562dc4654fbc0bbaad779a792738b8158ee22cb08a3217f605586

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce3f0858c7392745e2f9033218ac9fea_JaffaCakes118.html
Size

26KB
MD5

ce3f0858c7392745e2f9033218ac9fea
SHA1

2bc93f7b9dcab57d38ea3ef82c0744d9623acbc5
SHA256

d5f76c836f7562dc4654fbc0bbaad779a792738b8158ee22cb08a3217f605586
SHA512

ba5c5eda3e767cfee0aaaba4dfbc9748edeb474a1589e4968a2fabd205b4dce3a60b1e912434a87b87cfd7f91edef88ef7dfe262aa87065010e07b360f6a4db6
SSDEEP

192:uq5/Xxb5n3enQjxn5Q/GnQieVNn2DMnQOkEntm0nQTbnhnQlCJVevo7NtcFo+NzY:n5Q/ADIygc7HPF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
4192	msedge.exe
4192	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 1836	4192	msedge.exe	83
PID 4192 wrote to memory of 1836	4192	msedge.exe	83
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 3972	4192	msedge.exe	84
PID 4192 wrote to memory of 408	4192	msedge.exe	85
PID 4192 wrote to memory of 408	4192	msedge.exe	85
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86
PID 4192 wrote to memory of 4396	4192	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce3f0858c7392745e2f9033218ac9fea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5750123148547843910,318563399166782682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
daee42486501a58d8b3831735bb4e488

SHA1
4038ddc0ec13efaf5495cf6bcdb3518bc31205e6

SHA256
b24b5d7c4d917afd62cf273d8f4186ae50df12215265807fa29160feccd55766

SHA512
38eb3e76be18f8f2f005f90c02e1e55b1149f5a0455dce6e5ed29e88131005698ea02a7a6345f32f6e9fcbf1f966a332a43ff01c12210a92cace61a86e2cc6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cfa48321cd7573d8438be5aee8e89981

SHA1
efe0e81b6016dd25208b0e904de95eec7ea82bd9

SHA256
e081e3fac250a6283e7d0ab4cbba4a88a7457200ca97d4985568b4b1196b2e18

SHA512
bbd439370605ef9576870511b74669386dd2a6eea44293db7cd5c8376fd68222d18674245278f28c6a0448d2216561a5fa48a285c64bb05dff50e5a7191f17e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8df7a057f0f83ad7a799e8e9881a3521

SHA1
8002d9c2f4a6675bffc8e666db2e2ade91229466

SHA256
405c21737a232f914d409d7087eccbfcec83bf7e36d5505d2a76918063181ba2

SHA512
b4b3e49a0b12ee8b80f2ee0fe6fe900d27752d8f5b8ee7084f0ea869b22e42127efe824290f69054cda529718cc04abca996b4698ae2dfd9117cfcf087f0928e

Download Submit