411936ea2ed8ef9fb35daa5b10b3ce4ceaa53df0a9857c6172b1dc011cf137e5

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
Size

52KB
MD5

d1c9c63cc835a7cc122027d05e915f42
SHA1

380f5614124f55b12146c0dd465a9e47f59f4c66
SHA256

411936ea2ed8ef9fb35daa5b10b3ce4ceaa53df0a9857c6172b1dc011cf137e5
SHA512

8426edee672f6ef9a4c135d79df1b6216e6cc3eee59f249ab58088e04ea9f8431666cb9f25e71d65da75160a3dc34d4d6198b35a50514c1cef121a4fc75c89a8
SSDEEP

1536:90JMazeVQ9bAvXgFNEev9XcVV/oeI4bl+uLmB+0M29H:QMgAvXgmbl+uLmB+0M0H

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3500	msedge.exe
3500	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1700	3500	msedge.exe	83
PID 3500 wrote to memory of 1700	3500	msedge.exe	83
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 2716	3500	msedge.exe	84
PID 3500 wrote to memory of 3388	3500	msedge.exe	85
PID 3500 wrote to memory of 3388	3500	msedge.exe	85
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86
PID 3500 wrote to memory of 4412	3500	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1c9c63cc835a7cc122027d05e915f42_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10547598002037193134,13569690318277556246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
783B

MD5
d7112c664844556ccd9c944a6b390644

SHA1
7af1080e66dddd0c5024bb073c6edb7aae9eb89d

SHA256
1737b9dadb4862056b2c3db22ea7c9e263d3551b6de8285349e08b0632b4b38b

SHA512
937f37e6758d88efa5fca9b7371f9851afab205dd674a2d1bc4c172e040eea0647965e4275db04e554bf674b9cc81da6746ef340482e21d0a1dae15605be088d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e56722d0d488b672e068de976103903d

SHA1
e93dd0730a30d3a96e1cdf2b976ea15e78d99f63

SHA256
0a000f0571eb9f87a927963d12f427e1bd27a9819b440215950f3d750435ef8e

SHA512
95b4b6634eb1b350d04538cbbf1c2f58d668ae34461f554d858a15279e6ad4339eceed9b17ec1fa4befba5b34ed93f7c83aaf5227d436969a2204c61c5387c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68d658baf141d392d54050b0715bed25

SHA1
169ed7ff0126f360ec22ded61e5bd2d31a9a4a06

SHA256
f467d4f22bc062217818f1600003f5c9845fa1d43dc95414843292edfe3197c4

SHA512
f8bb541868adf61317b09e1895fe3c42ea50d19699a54c2ec5a3849015c10cfda75ca4e1fe4c227cfc1163ee343875d51553eb2e94d11ca00c0aa8ae6ab26ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6af412109ddc0614a70e43b79063b024

SHA1
6de450060287e32b553157e1bb0b053ee5ac7a43

SHA256
6f55e8111e78761aa6b5e034964f42ac170ba5d59e752f8a1c28ee2a8d318498

SHA512
b206ebaeff3d4bbdaa843ff3180dc4fba55325404b44eba678ffab1e20e7652754663a410c2f3a14273c6eac453be0f31fc140130f68abe2b268a19d16de4b9e

Download Submit