6965f68971ecb4d94389d593709d2806b20b71568a20169c54dbb1837d8e7623

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ce93231b7a14a2aad9afc881832e14bc_JaffaCakes118.html
Size

98KB
MD5

ce93231b7a14a2aad9afc881832e14bc
SHA1

55446af1e08b1299ab201cbe79c81a7ae55f0db9
SHA256

6965f68971ecb4d94389d593709d2806b20b71568a20169c54dbb1837d8e7623
SHA512

c317159ad24184c1b424f564781dde335abb39a7ec937c300eb1e16f00e7103b49a412ae1d8cec54bfcadc5e67b898b9b9b7889f7622b39874d0b050ec7cd211
SSDEEP

3072:XBb4Tn46Puk4IU4h4Q4XIxL4y4E4Ed428X+En6f6j:xMpPuTIP+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
2380	msedge.exe
2380	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4028	2380	msedge.exe	83
PID 2380 wrote to memory of 4028	2380	msedge.exe	83
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 4164	2380	msedge.exe	84
PID 2380 wrote to memory of 1128	2380	msedge.exe	85
PID 2380 wrote to memory of 1128	2380	msedge.exe	85
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86
PID 2380 wrote to memory of 1300	2380	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce93231b7a14a2aad9afc881832e14bc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b2b846f8,0x7ff9b2b84708,0x7ff9b2b84718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,838609312402442846,9025384526597336763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
5a0652995556f5b0d55804c04b9f8805

SHA1
b312d72a9d410fe74c4cc0000dcee97e796fd779

SHA256
79a4451c8b9f99296eda017e1ff41fbf05e6dbab73505bc45df38fdaa0bfb8da

SHA512
6bacb1575b1afcc7852c94cd591d5641e6ea0d5c0a4f7cd4c5f94017d6d3d9f3a046a729a79d018be13c9006103b40f3d0282c318275b9e56b52baf5819c6f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
14e753303903dec3e23bef9e8a204a23

SHA1
da746a2c468ac13cf15ea098d1c564a403d91c34

SHA256
94d79ecf4d6b732db0d6284bb0301b7f7e1bf8f57ab6c3ad3501d96738d8caee

SHA512
9c6676a7a45132313cd55d98fc603068bc162b0b0566f32bb3d1cbea93ba64f3476bca998cf88e0f48311b5c3de6f85e191b94f4ea7b32d4024fcc841672b4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b75dd08ce6656a79c223de37506366fc

SHA1
f3176f232338434d61957b9b6d20ea0c384cd667

SHA256
8025b20a813e21b7304a56a6a07cd4f43aad0ebf042d9747e460bdf7250ee44d

SHA512
f8a220b531cd483943e91fbfa39ec1e5c42be9cdd0151630a52168d3881cbcf95d425465d486f0aa0b55f4a369f3ed81e4c3c16ab4d65033ad67f3e1a9fd9cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb6d4dd1823b155c18636fdc8aa150b4

SHA1
a20486dd593587ffafe41aa533198097be3d98bb

SHA256
c38fbd8451ada4a014dcef85667f17b95b4d430431fbb909328389f7259c9a92

SHA512
3a41441854562c5c404ea9555c2dc5480f2ad63fc4973ba3e5db86946bc31cd6f6a2f941de739d66ea60a9a797ab7418ffd5af056b44587e21245c527c477cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92778586e008482d79d8a83f19c1ca12

SHA1
af8d87861cd9f3146022aa3f9e60be98af7e7413

SHA256
a922fa01b55178a715f684bf95c5dc84c618a96c57e99f75ffee31fcb7a08b3e

SHA512
0b176df37ec09f5f3109d337c7de81d42768d6f3f0e3a0099a90887af311af2c79d8924102756f8d4701be0e115ba732ae62a8d518bd96210d5a96fadc2b328b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
133504067b4616b862bbfc057d3e53f2

SHA1
32d518342dafa7e4193abd4af4c33d4883892555

SHA256
fda41049ec874f4687b5c7f977a63038d7399ef8c86d96a1f6944c52b41b409a

SHA512
a6c6ee763ccfed76b51b73865f5d074837cf8379b6bbb1826c548d253cfc2555e77ed13795570ae0efdc3b5434d3feba74ac646a3062937709c2117a0619221f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0bf506d6f4e225be6436880b4949fdf6

SHA1
294cec531fcc4546478c3880c6d34c8678e2a710

SHA256
3546fa995b4a5b81886ff986610fbc76ff28307b997aeaf0910daf3f207c8b12

SHA512
8fe6f633d603a7bd7fd610ae8ee9621385188f841177f06ca23d179a25a02069d66a852a299ea9d530a7b8a7d46b58c7a419aa2028198d08da7b0a4ada598af0

Download Submit