b0870fbb4c7a1ba08e6f320656954d89e0b3e7cbd9f61baffe61da77322bfb5c

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0b5d02031acbd343a720cebe9b04fa1_JaffaCakes118.html
Size

53KB
MD5

d0b5d02031acbd343a720cebe9b04fa1
SHA1

91d517938d10e494a67e5bdb55ad8e9927586bff
SHA256

b0870fbb4c7a1ba08e6f320656954d89e0b3e7cbd9f61baffe61da77322bfb5c
SHA512

540e15451722c56556c5dd9b73a7b1ac7a32fceb2c1d9e8005b8518c52420028bdc15280a17741d8251d1e781eec032397f12e7b18ec54b32cc5abf0c32d8d2a
SSDEEP

1536:QIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZWPO:zWPyrbCi23lNy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
3120	msedge.exe
3120	msedge.exe
760	identity_helper.exe
760	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 1372	3120	msedge.exe	83
PID 3120 wrote to memory of 1372	3120	msedge.exe	83
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 2032	3120	msedge.exe	85
PID 3120 wrote to memory of 1596	3120	msedge.exe	86
PID 3120 wrote to memory of 1596	3120	msedge.exe	86
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87
PID 3120 wrote to memory of 384	3120	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0b5d02031acbd343a720cebe9b04fa1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16192091758003528462,11114621132278303201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
498B

MD5
e32fec77b5c706f091d91ac42e7ead1e

SHA1
4c59f50f48d968491f44684d59f3c64f96ccf962

SHA256
bee9c46e074a995c58d0cf2ecaaed9b18a733172052b709a1f5357107e06437b

SHA512
8d07eef810718239c00b7eb4a326bc1e4f24bed138bcc2138431f2d9928d40d88a47048ab88b304a8c807113870d8129c19e19771c7bb4b1679a860e69c3c372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f912bc82dfafcef650259d2e9c8f0613

SHA1
ef0aa808a2b5b21e74296eefa8a5da63de0a2aa3

SHA256
42ae1be819059cd34756d66767b762994a3b349bc387f967c89201014901505d

SHA512
04cfb5caea21d82f6b32147de136fc97c24371742997420a37a4b74d0b713fef3ac7de242d598f1feb746e28c7154da25cb471f26cedf54623c4a2c3217b02f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31d1678b53c4b4e319c760207c25739f

SHA1
239ab692314a0a845ccaed42b87b958ce7b719b2

SHA256
442521b14b50661260bd8d39b84e20b0b295a750675aa557f2f28de488bf8eb9

SHA512
4f7ac53b919814c3251e416144fbafb6f193eb1256b6c5046a58a9568bd826e529a3697826d5d7e3d0bf6e9464b549ed46911aac88ec48a356e6bc6b0447b03f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e74aa7be9d2261ee891cb5ed4d9f53b2

SHA1
1615dbda672b220f557ba228d1747103d9252d30

SHA256
409feadeffa0a2c972557b0c0699e92bb82d24b92da0142b4f75353111326b98

SHA512
fba463b929543ef72904953b97a5fffaf41da3217cc884b4eef87e5092a2912e42f7caac0c1f64d2d28303c40b3f6a08aa38108c4a92b928b779625ddd6f3a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
922a7ca7c86dbada4c8f6f861aa47a58

SHA1
5dcf4972bd87a0741ad172acba2b0c6b8bd93839

SHA256
03895ec18fe5c34915f3e6072c1beb6126ee63eae960266234aa31c0915f5e5a

SHA512
7c157235e2f3b81c8e73bf7ff53db791a6ee46ab90aa058c1e124472e8785984d48419c7eb41cc2171ae8756b24e3438615b16a08615ae00084ee4932497119d

Download Submit