b0147c61009f396e61b0e9907813b1d3a33552392d553ed2157b91ba4a9ce0bd

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
Size

36KB
MD5

dc4de27f2aa5501e7acaa69a10225c33
SHA1

582e2c69cfff06e49363fb28d5afb19461380433
SHA256

b0147c61009f396e61b0e9907813b1d3a33552392d553ed2157b91ba4a9ce0bd
SHA512

aa17d4c450b8c34dc6f90407740d744ee42abd18fe4facb2b500b36aca4b7eed284d4146c60020a0d01e7b032c0ee9b95be849b9c06f9d771b64a0edfb6f7ad0
SSDEEP

768:zwx/MDTHyU88hARSZPXtE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRcZ:Q/HbJxNVuu0Sx/c8CK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
3524	msedge.exe
3524	msedge.exe
4044	identity_helper.exe
4044	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 2400	3524	msedge.exe	82
PID 3524 wrote to memory of 2400	3524	msedge.exe	82
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 3480	3524	msedge.exe	83
PID 3524 wrote to memory of 1224	3524	msedge.exe	84
PID 3524 wrote to memory of 1224	3524	msedge.exe	84
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85
PID 3524 wrote to memory of 1844	3524	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc4de27f2aa5501e7acaa69a10225c33_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc136f46f8,0x7ffc136f4708,0x7ffc136f4718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11600703888799124015,14106156812770604073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
5f60f5011aae367979e7f24380f46d2b

SHA1
0ac2995c1d31ae41276d82244eaf419ca7e676de

SHA256
4e0ec14051278db3106ceed4b5b09cf607ed8d7e54b0f0ba0ee3e8d77af5006b

SHA512
6b2d0fb33de0c8808068f3986cfe8016e96ee3372bfd99218d008adc6c3e12b8408d06e6cb261da0d792621118372ae317255de3024e1e5eb4fb7fe099031faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b479c95663a3a6810a935a0d1b358e63

SHA1
07626feee39ffcffeeb7c3355e85fc98836369f9

SHA256
a5d96a243ab0a133bf1b34b40aaa907968847c8f72f7fa67ab1dcb82ec590761

SHA512
bf42885f09296198525625311b04d0af493815ba05f88aa611169f702baa04dae83ec33aa1899c85dacf9f79b05c1bf9406c9fe5f640b5eb89dfb1c172919633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e09599de736f00945bd821bc4ef76453

SHA1
82758aa294155c20a207f782479ca21a0bd3e1c1

SHA256
a39cb6bbf7c8f045d1781ef243b9e0c0314dc508e4a04243a836642d3399169b

SHA512
59a124cd2bde3a394c23e7dc07f1dc47d08cfbf7b4893f430d797badec9d29cb8c0af5aa6386d8104358691f03e74b1a1f5457f629b3b13526863070f3dfdfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba985d92eaa56fe00d8066ee653513d4

SHA1
a829e620ceaeca9e8b6bef8b5366fb064eb2dc2e

SHA256
09202e7d70829e904eb520ef80d714258d98cd6716b83d2e517c16f00f76f5bb

SHA512
74e89ecd46d1885b0b64355968b3f9fceeedda28bec40fe8373ff178e64da3e195128d7e6cf8588c7d0d3a6e0aef34d0f604b7b5edfe44b7bf66dcb65f7e632d

Download Submit