72931c8ae522173cbdd5bb82e2d85aedab7855f5f4cf73568d11eb52f5c8111c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d161489eb5d51f6bbca7fca40b01e761_JaffaCakes118.html
Size

35KB
MD5

d161489eb5d51f6bbca7fca40b01e761
SHA1

1735ee367fc6d0c9d829753578e5b37c8bdac088
SHA256

72931c8ae522173cbdd5bb82e2d85aedab7855f5f4cf73568d11eb52f5c8111c
SHA512

58d64021cd3f15ba1d69101300ea9ba99b7d7b6b447ae24d44bf147a60d7ebeebb0a11d59036b74d2ef2c2271c62662a0de0331d9be0fd6d0f5f882e047a6928
SSDEEP

768:WG654FDJlzefkoUOpj3od3jNr/8a+8aV8a88awu8aM8aJ8pa:WG654Fj6s5Oxupr8a+8aV8a88awu8aMn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
916	msedge.exe
916	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 2988	916	msedge.exe	83
PID 916 wrote to memory of 2988	916	msedge.exe	83
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1844	916	msedge.exe	84
PID 916 wrote to memory of 1936	916	msedge.exe	85
PID 916 wrote to memory of 1936	916	msedge.exe	85
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86
PID 916 wrote to memory of 1512	916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d161489eb5d51f6bbca7fca40b01e761_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16324239714946588960,7888462947134769116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9faa7feabf1dbd9d861e02240ac62c69

SHA1
d33cd6e8c002b622f77c22f59b58f7835b158c60

SHA256
4b0d923670dfe67c62e0862a11a1c2d5cf4783484d1f4ae5131b8461eb986c4c

SHA512
0719f7dca04698413bdd02c4708fe8a5801ced507ad5c02857dc022f432d94dfbd147f04864ec2f5f7fc6ae369a3dad3e3bcc7355baec43f87d86ae9e2972b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f02e0fe7aa013a1490a46f2bdad252d2

SHA1
63a0944552693707b82acbe7625aa65e47bf2358

SHA256
0bcb92af96dcd1dbeb0d02ac644778f13ba192c322e3dde312e963c6ca57508b

SHA512
7bf8d686a979f7b0b6cf6d77e2ead4362e2e85bde34bf394a3798c7c5898edcd403a875688e91101f2aee470a1bf12218e045cf119ff29167b4bb9d7a85afe5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
80030b15929474822327699a79a9cb52

SHA1
b6ba3c8c5672470dfb0c08009f4f97ffe5a35905

SHA256
2a6cca74296b76084163e66e5d621827af6d02652ed505ec555049ccd39e4e9d

SHA512
e8acbdd4041d1a8c7451239c081bcc19115787daf3595cc0ecab1127a9220f165e9bbe643a9cbe5e73f84e0e181a5ed0463081762607b1e21f0eca7aa18427da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58178a.TMP

Filesize
203B

MD5
2997b9691c0618bb27cac76cc7786a8d

SHA1
ac5b8a229c493956cac48cb048841ebe7f332998

SHA256
e4420a73177286bafb7868aceaaebcadf7acaca6db87584f47b0f82bd47e00de

SHA512
fec08ca89cfb4d9a9db23281fca50188b537e2518522617c58ab18ee1166dddc770fe2885eb3e246bf5a705502780752a672a7ff2df30a4f6194865ff9a3fc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
feae48a3494fea4b18eef0381ca03a51

SHA1
3059c9379dfc2cdf2839a0fb01d79bc73d417c27

SHA256
a5080af334673bd776697fd39e69fa7c9c2c99671f68868ab17bde5d9aec3775

SHA512
5a80513e34cfd763872fdaa566e7288622924066cf27d5c809f37d9e2f986eeb8abc5cddd1b526bb2f7fcff2ed0430112d055bdd6c7845241692e08913a84c7a

Download Submit