ffcd0c82c5dd09e9461f0ba8e2700af9820bb0488ed7e154329c37387ed9b9c9

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
Size

33KB
MD5

d3752afe9f361e0af017f62fc4bc1711
SHA1

d8f284875584f98a2e4791ee93f4fb18225ee889
SHA256

ffcd0c82c5dd09e9461f0ba8e2700af9820bb0488ed7e154329c37387ed9b9c9
SHA512

72ed137da299e5eb426d6f2351e45718141c857b79d7f765d680938275d1022c68bc4084aabe25b72711310a56e7cf05eb087ee5fbeffe9844bcf9f5912fc5c3
SSDEEP

768:9TgTNojlIPVNNHcthkFYutyotqd1YR9L9krZh+POQ:ZENel0bN8teFdtXtC1y9L9krZh+POQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
2800	msedge.exe
2800	msedge.exe
432	identity_helper.exe
432	identity_helper.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 1728	2800	msedge.exe	83
PID 2800 wrote to memory of 1728	2800	msedge.exe	83
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4984	2800	msedge.exe	84
PID 2800 wrote to memory of 4020	2800	msedge.exe	85
PID 2800 wrote to memory of 4020	2800	msedge.exe	85
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86
PID 2800 wrote to memory of 2020	2800	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3752afe9f361e0af017f62fc4bc1711_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeb2746f8,0x7fffeb274708,0x7fffeb274718
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4749563706445903700,15429268095116775053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
09dae2fa4971d86b4ba8ab2a932d8d2f

SHA1
6b98572856a08fbe12392817a3bd8328a35f79a0

SHA256
ab15da567529f3b8bbc69e51628655a033c0ce7fae901936364c9983d7b38f8f

SHA512
e081b222e8dd0a2904399298883dcb582cba30f3cd1d06269463cffdd1c9f41bb9b749bea834837a536cc19e67334d584687d42641ba88b89b4be7caaba2776d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
f4069f42c9873a6c7017ff57bddbdd61

SHA1
8c193561ef4aee50ef5864c17ff9a95b56cf6866

SHA256
3c402e7058ca5a846311fa81634721966f3035fa265ca0fd6685f01e116f77c4

SHA512
2e0fe20a0da68799aca9195c5f6f81ec7695684c58f2422c439fb9118e94b937be5961385363ce484070a642cee83662009b29b18f15c7537d524157a703d2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
193fbe7b1188c46725ea525d50a5c6d0

SHA1
85bbba41c0bb63a4dbf9bc0374b02d9996d35f84

SHA256
9d61ec5601d3509a4c4310dc197a0fa5183b5bd7c40e8bf0576217d6ce70f19a

SHA512
67753459850971ec303f439b670385459ee93d421a0679cdca504d2e4743efaf3626f84d7b669c7aecc2ee83a23893643f1f5a0cd89afa9c4a0cc281dee5d452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e3e55a51ac5898e65b2d0b46f1f3c9f

SHA1
171c61ca5bf0ca008ed74d91c9a7b5cfe36f68e8

SHA256
d3c9c2ae5a104288e1884cfdb71ecb4b8e3bb30269393583d99157f7edb969db

SHA512
5236e9d9236a2c2417d63a2982892c45f647c35acc98f49b8f77284a7d14323ad8b839094fef8e0d3d79f243f77adb7b424bedccf89f59600eec1cb205adab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
791f54b8e5dbdbd771fd9a0b118b3fb2

SHA1
27d8b76d26c2d81cbd3e40094cb7dfc99de20344

SHA256
e8366310065a42e76e8f8623635704f17bdfc1fcc231b4f5223c9b19a4ee833c

SHA512
407f029580620d08e5647c3dc3775d050a4d2e7fc66dee9a99a23361dcd1b0861aa566d28cf64f0939c28e9347374a5cf97033475b57559d0c77c8b3ad1582f1

Download Submit