7e636fcd936b6251e11f8e0d4220f28ba660999f18e7f99899099b59f13633c7

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daafc55ac5b0d908d59309fb0d803f2f_JaffaCakes118.html
Size

136KB
MD5

daafc55ac5b0d908d59309fb0d803f2f
SHA1

c4971880f165872d29f6be4e437e067b11895305
SHA256

7e636fcd936b6251e11f8e0d4220f28ba660999f18e7f99899099b59f13633c7
SHA512

9bd86d6cf4dcd995812ec44c04659c04a984f3078bbf76ce68d956a20b973e83809cda570898e9781fd3916c3f54eb280f52daed7d59f69f5bac026a40a80e43
SSDEEP

3072:osamm4koADJsK54Of/bD4RlFe4Ul1p7flFgYYl1+nuDiz6xoipiuDBF5FyAyDsuS:gDJsK54Of/bD4RlFe4Ul1p7flFgYYl1n

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
4088	msedge.exe
4088	msedge.exe
5080	identity_helper.exe
5080	identity_helper.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 4620	4088	msedge.exe	83
PID 4088 wrote to memory of 4620	4088	msedge.exe	83
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 432	4088	msedge.exe	84
PID 4088 wrote to memory of 2188	4088	msedge.exe	85
PID 4088 wrote to memory of 2188	4088	msedge.exe	85
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86
PID 4088 wrote to memory of 1324	4088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\daafc55ac5b0d908d59309fb0d803f2f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce26946f8,0x7ffce2694708,0x7ffce2694718
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10330549403984613542,18275806202423137256,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99678d0591adf9f6d6c3b6acaa1a73b8

SHA1
7149a1f327486036928fd352528a18505397632e

SHA256
1adaf4aafd5130e805222953cd5ec6533895f33ad1f64764a544d8609ab47775

SHA512
9f25016781c137924f3beccd1de3fcf5051390ecb0706a5350e45c374a439431b3deee34b622f1ec9372cbc016a11e97fb4490a3bc133e5d5a6ea7d4a575a8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48f976da3ca72c69a2cfc5e5324ce80e

SHA1
6a0f96aeed3c35135b9428deba1d5ff0c3969efc

SHA256
0c922d37ac93a2cc99ab851a121cf1fad8deab7bdedf495e864daf25cafebb32

SHA512
7c4c9dfd3e8ef06cfc2783829b53192c95c3e972a0f6c4920575877f9a61b2ecb072f225e1fafaa49b4bb0b1afd3146db6ec2df061d2b751449973d5e184add1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7991a17b97efe234fb397dd360039cec

SHA1
998699aeeaa826b8aed3ba4d9036d1153cc10ee2

SHA256
e4b474d4c6a1d518ffb51b3be927e85cdb70010df6020e6e8907fc947166e8a6

SHA512
d8efcb9054d1d1a69e31ce68cee081b67c4e7ebf5a576003f08998bbce4e66258a1a2b88ffe5a22060717ebc3fb5403d298cb1ffca181a4b70d7b081eef017e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9655cf4c4d76e7809d02b8b578a83a6

SHA1
731db9a9d2e8e88f5354aae69c12a2077d0a3533

SHA256
eb4c0a2ee945c1da5f03372de9b37771a39bca21ba4b149e44fa258346690815

SHA512
15b931942631eccab188e037887db8be55fca8d3dbb3c2c163dcb71f6b101732248f27eee5511341e7715db64e13916e26eb8a6422848b1143970e921e32ef60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e24346943cff96caef23bb62733b98a9

SHA1
7f8d7c6ba6b5e7d5a6798988ebd887f5a1de0016

SHA256
c9176a250b56d9bdf76b7065c8f5967fb5e38df7f58ee42c11c6f5ea11ae5867

SHA512
bdbfd20ac424b94fe627ba94820cfddb81634c2eb206a4ad7a49de3196fea648866c870b53715f8b6c47d1957ce01c88fbb1989fc466da4202378c12cfd17436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2ad84fc26d3c4513853754fff16c5c1b

SHA1
0227ae02ed6985db9cd01a530b87121eb41617aa

SHA256
ec1995bbe80c65b61f4d9e48f595c30b667186549f7a0adf6ea3582f3334a1da

SHA512
5bf45efde06ca450007633b80b3630b8366ccca75b88489ca3ae6c08ab70ed7ad86163994d3efbd965ae835d8bd13b6cf2c8fcd236f7b3b616be0384877d95d8

Download Submit