060d81fc7ab870458c3ae7bc41fc26c8d114e3dc517ae51dfd4871987e454ae0

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0b5e192f6f1b81ba9c89f531d9b3869_JaffaCakes118.html
Size

52KB
MD5

d0b5e192f6f1b81ba9c89f531d9b3869
SHA1

6c54be891c166e0b50db3743f0fdaf7bdb5ea929
SHA256

060d81fc7ab870458c3ae7bc41fc26c8d114e3dc517ae51dfd4871987e454ae0
SHA512

aa7bcaa764a9972f5365b4bfc4f0d03d68331a1b2ce5324925b3f7f326ecbb92b0bc2caf99aef7273c8d9f3a63456ac69bd772eaf8a0282291ba37c236070b6d
SSDEEP

1536:RJUsgeZ6IGkzvs9BfT1rUDglEgKESwUL2yXdgeYXxdzc1V:RJUszZ68sD9UDglEgKESwUL2yXdgeYXu

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
4592	msedge.exe
4592	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 2624	4592	msedge.exe	83
PID 4592 wrote to memory of 2624	4592	msedge.exe	83
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 4192	4592	msedge.exe	84
PID 4592 wrote to memory of 956	4592	msedge.exe	85
PID 4592 wrote to memory of 956	4592	msedge.exe	85
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86
PID 4592 wrote to memory of 3444	4592	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0b5e192f6f1b81ba9c89f531d9b3869_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11510331453558166499,6278447202367821133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
601B

MD5
00d5537f2c813202499f7f20f371ab88

SHA1
69ad500a1af32ad9a9822008a2acb8d7c9092fed

SHA256
e0ebb9a9f6ae8db4336c5eae688fe6cdaf78b9790cd29aeb82e959a560601ca6

SHA512
846e6a61e8d3fc6321c9e34791c001ec42f5684742b14c7fd282fa978e4a351e71894c5bc05f0e3125eef32af3c621a4d32db0c115ae34f3e79235d8d003c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a201261d0813caf6da9cb866bc1cd7d

SHA1
754f2284298f48752f13402aa72f1cd9464c805f

SHA256
f22e1ccf58ddea0b20e0ded533278f7b38846a6f78f796fa65207fea9a6fb2e4

SHA512
7bd506c09ca83c5c8695c3a74af84f536f6f53362cd4e05fa59c77383c7952b7f13621d99e58935aef41df25ec0f226cadf1fe1a5c32dedde2ae34c64dea2eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7417b167a9a11bd935740dc5759d34ba

SHA1
d6b8b31cf967aca126176b0bd17bff98af42a3fb

SHA256
86c631f0fa80a02169826ae5226738f4d8efd0cb022b33e4060735a97dc80455

SHA512
d3e58ab6cf4ed5ce9171d9991847cb7673e9c57a045c7797c1359e309e9da38bef90567af0429630472ecffc69d6daa7b3b23cc9f3ff1e5fea13a2f460e073de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2efc92e73e4b6cddc20b847d01c1d73

SHA1
2369c324b367759420833f7a4f73bfab8720c3ae

SHA256
1d86f5b6e0796a7421433f276e3bf989cc6bba481f36ad2bc4c53dd133676d8d

SHA512
ab032bb556c1b9cb82d4d9a89ec37e69af2a662be096261d277e17314a0e31a968dcb8ee16cd63442723ebc63f322fdc6194287281932387f3210b182e461a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c8793665ef408ffe4c0c9670b1623edd

SHA1
f84a85cf96e7403080425d90d8d0e3d223bf7b44

SHA256
8d21e4534eedf00874f26241734bd59eabedc3da9178b407b4f58dc021187940

SHA512
40f57c6dbeacad2bad32917bc7ad1481830bade9d5ebbb280850e4879879f8e65a4433799974c2d9003f61dd1e97eba9077b17659250062d6b8506d6fc925070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582778.TMP

Filesize
371B

MD5
fedd1e37922ee2b3c03713e8fdbcbbff

SHA1
31f43a5e8b192aad86d8dc12e2ae989cf1ddbbce

SHA256
9a394dcdfcec2cd680ff6ff15a23ddb85f72a9f63b5d30652124bc87fee4aaa7

SHA512
ef5d5126e35ceb954bfa85550a97aab0c70b498d2eb3e9de844837491c5117f40940bb90e8dffd5bcda3be31fa0255d6bd68f09e9f2e19f3ff9fe0b20f7ea3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d24f7e10170d5ddb49d45fa9c396457

SHA1
949746151b630f6e403ebb1f753e922f3d0f76f1

SHA256
0e727910d55881e09de004d373468d850632317c1b29575eeea661fe99f39e8d

SHA512
0f7e6d2a08f968e4f610daae2cf90122644cfac858c414f8660c638cad62f3316f2a13d3ee630031db02481b48c8bc9fc1d519b03988e16061184c03bc5bb50d

Download Submit