b9713aee84650a8c9e93a5c4ead6d438d9f55c4e0321e7ad0d06c5bb251f0645

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db6044216b52d69f7bab19339bf6729b_JaffaCakes118.html
Size

4KB
MD5

db6044216b52d69f7bab19339bf6729b
SHA1

c2db7b2d91c0b68043683c9c0660f87bacdafe49
SHA256

b9713aee84650a8c9e93a5c4ead6d438d9f55c4e0321e7ad0d06c5bb251f0645
SHA512

796c0febecaa49a8d7e925b23b4238e14281db78122f8ab895379d18263bf0ab1abde7ad490245d4aeef9dcb923b369d30e9ccef57a6e16d3c205121f0bb162e
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oLKd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
408	msedge.exe
408	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 4824	408	msedge.exe	83
PID 408 wrote to memory of 4824	408	msedge.exe	83
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 2568	408	msedge.exe	84
PID 408 wrote to memory of 5076	408	msedge.exe	85
PID 408 wrote to memory of 5076	408	msedge.exe	85
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86
PID 408 wrote to memory of 4916	408	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\db6044216b52d69f7bab19339bf6729b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a02a46f8,0x7ff9a02a4708,0x7ff9a02a4718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,17963274728091626084,12816277541182521617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
6e572b4cb8a37230474a5e5e9a4e9d5e

SHA1
8a94d0f9628b3aac795cda2824366feb17db002a

SHA256
897d594fa3cb325a857a35c18916a68955477e9a7836e72d76f200ff48f6bc9d

SHA512
0353c6f622ad5892fb519e7f768137e6a5e6ae144ec648a52a917029bbb2aef156e60a9e0683ea881dbf731b4acc5d1a1b424fa452311de52f30f890f0af1463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93cc01ec0239d7aa51b5c48677a9cff1

SHA1
78e355a7817075d937e489a537e8b67371cf9ee1

SHA256
420e824f96f6e70e0b7e19af73d224e9deb53c1042fd432ec4f21fd799f10fda

SHA512
b067de9118bbcdd5e2e5758161747faf7501ff136e9b7791af8fcbceed463ea386e8ef019d176634e4ecbb5e467389077c4f200a97d3db82f1afd5815a362b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76148eb828a2430d92e5f2be965e844d

SHA1
2215257a527dcb03ad05e7b2c7f180e9a5a7641b

SHA256
2687bd71c97b0062001ebd7af4a3ccbd5db33b21a2c9147ecdc2ed34a4bf26d9

SHA512
75df847f1b973c4313eceff8bc18f5c13593c1f4a8d2cc4eb5cafd56dc0d555dd2a92afe7b6e86c3d715acbb6d5b5d37e56921b18d6c6b3a00f77c4f53ea341b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16ba081f40ea589571867a428c629b25

SHA1
eab89f9fc8e8d592b39a4dfef67ebe6cf09ded98

SHA256
7ceebcade809f72c2ff1d40ddf5171cf9852e9de17100bea6305bbe1783da395

SHA512
993ecf0c4f2feecb871fddd474a3a86bdbadf6f4b60de4c711304cd1fa522c791f3edfba1b878f9044b090ccd2425cfc07014c52348a518cae9e02c44578b20d

Download Submit