9a6628247b47f0cb6d244779e685241b55db015ff741fa1c8aee658304fcdc52

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf35d02b7421d944fbbd365aa97d8c23_JaffaCakes118.html
Size

72KB
MD5

cf35d02b7421d944fbbd365aa97d8c23
SHA1

76acbe7b186c94ff161ca65f39b57ba29445c4a3
SHA256

9a6628247b47f0cb6d244779e685241b55db015ff741fa1c8aee658304fcdc52
SHA512

6416a6c96f84b0dd58fd32b7ab34a431d7081f768eeb48f473fea5f99c03f7687d6b8f28d5b2c07613ea1115a2ba80a411e99d5f9b805f313b4d03d157512c7d
SSDEEP

1536:uHBEyRxugOruO6GwuT02xXBf8Ba/hUuBpSXsakL8:uHBEyRxuHaW02MA/ppQkA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
1104	msedge.exe
1104	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 4704	1104	msedge.exe	83
PID 1104 wrote to memory of 4704	1104	msedge.exe	83
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3208	1104	msedge.exe	84
PID 1104 wrote to memory of 3528	1104	msedge.exe	85
PID 1104 wrote to memory of 3528	1104	msedge.exe	85
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86
PID 1104 wrote to memory of 3148	1104	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf35d02b7421d944fbbd365aa97d8c23_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadbad46f8,0x7ffadbad4708,0x7ffadbad4718
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10342991608836761124,7235015595513984317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
575B

MD5
58af676c937efa3000e8814294a5b1f8

SHA1
aca550906b4256653ebb5137a8ac46c48d12084f

SHA256
b109f37e861284147e0f2b1c0141dbd2d861f9d01f973dc3c7f3876ed276e186

SHA512
dd04fa9197d864b3ca771cfd8830b2ba113c8f3d8ff825933760ce27c0a57c274680bdbad4bcb89709738452c0548da6065fa730ea21192b2b49a687a46c6cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98987f8e0b8d77facd2e97e36e789a35

SHA1
87050dd4f570e91bc793deb4e2f54146e2367f74

SHA256
5935541eaf28bdd33bda55da6f7e24820ca53bcea70982f1a4daf65eac3e3f6f

SHA512
4a3c7b76f74de2a845bbde54319c3069a6be3440beca5081ac3ffbdfd8b2ab699a5128f75185d43e3e9c6ad20cd00c8bb0be8394eb95f70fffcc44cc17da11cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd0fd1ab654ed5fef83573fe2f2fb54d

SHA1
1df9eff891304780280e7e626dbf16b50786bfc9

SHA256
d60b7c66b73bb62d98e299ba63efb6b36964b93f28f5e79ff904426afab539a9

SHA512
bc9f06b5e6b6681fcad2cc54315f3e78a3e90bd8fa48a5000355af4bc5581054b84aadc3a79943bbb7125633f6594d8d58092d1e5d5343a9dc940394e7e8fbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b528ba5adbbff49c132043f558ab8ffb

SHA1
076fe6713e8c5de0fa350560de65cba84ecf7039

SHA256
a3acfa4ff0dd8ddf6bbfecc5d090d7fca977e543673092d8bc3179f52c14dda3

SHA512
722d66aa7c83fd8e512ecf5948dbe2f7d1d9a9c6732ec59a89fb66d9a4a1ed732d04ce6a3e97e0cf04f0ca91362f9c1ff1151c69553c55fa00766f547d31d701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d9b85d30c970c137cca0c8515a0eb34

SHA1
76b3fccdb72645f13f5a1b835de6031bec0e9579

SHA256
a97f3dcd2a85f470bb81b7e7843fcf813c90c09c741ea7d648df54b8fc1bcc7f

SHA512
27c202af57ae5f2c0f44186fadf01dae07e140daf1c8de3ec2ff723cfce7eadc2611fb8182988adfb1dedb2773a0b512cf3aa14bdd9284c28120fed009157ad2

Download Submit