f3e63cad623d19a849815eab99f4774427a6b6d564ad3e600cf6644549839f77

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d422e94f4cdd87476fd50b32ce327534_JaffaCakes118.html
Size

86KB
MD5

d422e94f4cdd87476fd50b32ce327534
SHA1

10cd0c984ef2da91714aa7fd793fedeb16d2d449
SHA256

f3e63cad623d19a849815eab99f4774427a6b6d564ad3e600cf6644549839f77
SHA512

34f49ae7fa1af77bf882a3de300fbc84e5c76b4c99a0ada2a72aba8a39e449c4384f696d2af3c552baf820b22b05083e080e88aee0f7c7bf2a21c805fdbb5448
SSDEEP

1536:2yROatmhFhPjYjzTotIdw99BHiJ5OMh+zUgMhSs/B9c/FMkN:2AOa4huzTotqw99BHiJ5+zUgMhSs/B9g

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
1488	msedge.exe
1488	msedge.exe
2472	identity_helper.exe
2472	identity_helper.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 5080	1488	msedge.exe	83
PID 1488 wrote to memory of 5080	1488	msedge.exe	83
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 3216	1488	msedge.exe	84
PID 1488 wrote to memory of 64	1488	msedge.exe	85
PID 1488 wrote to memory of 64	1488	msedge.exe	85
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86
PID 1488 wrote to memory of 628	1488	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d422e94f4cdd87476fd50b32ce327534_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c31d46f8,0x7ff8c31d4708,0x7ff8c31d4718
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11464521845830908682,12776440501876937267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\48520993-eadc-4546-b4df-84083716f7d0.tmp

Filesize
5KB

MD5
3a51b22f15bf23e330e3ff97d0733046

SHA1
8f4ad0979925722f78d3a3a311a8d45ba10c9ee2

SHA256
4997934d221faa368e7f3a9d3b2517306a511e7bad72b6773ae53550b61873ed

SHA512
8b7c3c92324815dc97aba36f8730520927ccefdae525333dc0138d7999e28c083019e9ba18af49d66d639a3fef2b8d83b1dccb84ab599d245c19696d4759cbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
335B

MD5
4b18a6885dc314516f0631dc28c90a76

SHA1
8a3a923638e279adf811dc97ddea103d7a8c1b77

SHA256
6b6dd5a19b4d25d814b8b841720c68225d5c290ddcd08c6f28407cf51ac10156

SHA512
65facee274033f6e7483fbc0fe9401a745c093405766f5801ec00ccd7a2feb090080be4f9b19432358b561e135f3f61f54726190a8924335dc821627249b3ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edc58d720d42e5b131e004f20d2b9349

SHA1
5181d855ba1d7953d713786e53e86f1a1d65cc19

SHA256
23d2bbfff7e3ec1af818eff96ddceb3cb23545212ccd008da35d2c430526303f

SHA512
5f9579a73c281e710a6b407754754247f12f61550808fa75e3ca179fc368df2dc1f0cc4785c335023e3238587337078f88d00de9f120b8c93faaf2eadf84cadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fceaba8c92d3964a91669b3b17a08857

SHA1
245cad84ea3effcaa9a2a53372d2a161b057ef92

SHA256
1e50673fcf7d8e399f7467040ad0ac7b103bc0e70e5db08539d4aa54a3c63002

SHA512
645dd9553a7c6d4cde7876a94f30f6cf7ffd40f8e63e8977d088a61e1699d252fb357fa25786341393544584c98b22991bbf9c76ae44188ad5d799bbdaa4df41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d96bb211aba759a0f2a30becf601ddd

SHA1
15c70a3e8ad3dcf8ba6df6b933424b9ab6f66b3a

SHA256
ff3051103f66ff9b9d9a14d1cf44ad4202fda5f2585d51f2b38d1f4840e6761e

SHA512
ae4b83cb1fa97da518b7dbfc7af88015217ca8ba3d173a91174307eca5ca17b37aa7b9b27aa1a63654e5902f3ae4896a7cd19c50f05e68406273bb205566db98

Download Submit