67d70c81afc1c2e5800fa84226f8b692896c505520210cf61b3f51a2e137303b

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd7bec758561462ae13c556d4d429c82_JaffaCakes118.html
Size

207KB
MD5

dd7bec758561462ae13c556d4d429c82
SHA1

d05e523c44c303669ac0aac82f8e3891d4bd4058
SHA256

67d70c81afc1c2e5800fa84226f8b692896c505520210cf61b3f51a2e137303b
SHA512

ea761c6c7c01dfbb4c46e1e5748d61c53aecec73d5de9d2e073895ace8377037e9d8f728a91602798ecdcddeea5e5f967d5bbbfe4e7c047a8e80e3abff7e7f57
SSDEEP

6144:y530DH6NEQwjcHXxQRVufJc/09N1kJN5q:yuDHQmjcxQRVufJc/Rq

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
2208	msedge.exe
2208	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 704	2208	msedge.exe	83
PID 2208 wrote to memory of 704	2208	msedge.exe	83
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 3372	2208	msedge.exe	84
PID 2208 wrote to memory of 5044	2208	msedge.exe	85
PID 2208 wrote to memory of 5044	2208	msedge.exe	85
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86
PID 2208 wrote to memory of 2408	2208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd7bec758561462ae13c556d4d429c82_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa527746f8,0x7ffa52774708,0x7ffa52774718
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9660975918703574642,9629251944796391389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96142ba45f7203a8c4d877b2d70588b6

SHA1
e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7

SHA256
dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b

SHA512
fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b367ffa3cd6896506992c5bb8b91addf

SHA1
93c9bded12fd3a814e4a87d1ab6b102818a9996e

SHA256
a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96

SHA512
44e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7dea178ea2854467cf0f5bad6271a019

SHA1
396b710cfb197a378a2f8a4906734fbc8155b464

SHA256
cdcb02a7192bc774fa1a557ec0c65e00dd1b0378ea02432739d4a458e30bfe90

SHA512
d4ab45a2a4091c8a2af4864c2330c583431fe96f1628e0baef881cb81b7d60ff73544dcde8eec287ea1c843da352b586346f3052151a3784e8454c9873fb8d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
587b0efaed078a8657a7ab4b1d62f84f

SHA1
e2904f84724597fd1bded31b073b27ef76a6344a

SHA256
7c21ab2bf67d26fa5d44fbca777f583d75e1836c8c880e802176bf850a7ffa45

SHA512
533fd80e76ca6c637bc4ba061b7a54cf5b5786e87b527fd119a06286e2db1d22360c3e0c2d80bf65fc10b32a79805c346c8ba48a0f3d9fff9869302aafa8346b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
610395d9e494b5ae1a9939605f63445b

SHA1
c4c3b993c49c3d17ae418a40da32d701e85cc19a

SHA256
f93d09740a8b3f978ff48e80a8112cc9f3e32d3e2ac0d258f6febfc7b742dd36

SHA512
0f1e462878c97e7f22364aaa57641e7fddfea1fa4bf5920266a450a20386f20df054fe9d17a5fdce7b91ff5fe02132db6428c3789c23c7adc5a6ec5c24128d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc0282933165649be03f77b03781e358

SHA1
8d82c06b8899d0c47fc103a73af89df687808c69

SHA256
b7bd9d251e310e4519fa7e5025ddbcd5500be4c66fc3528f8b103888e5e6546a

SHA512
659c28bf55dda1ba01b0ed4aac9744f1a41a444a48fa543a454955b756035be0c2bee3061013c0064f603c37cff549f54802a81c0c44b88e7328f8341f4d1824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0d678bb7ae91af527e5562e650eaa60

SHA1
9cfb5882c3eaa2222d97dd5814e3b6b7a21075d9

SHA256
aa8f5ff22d7a9867c27dbe15a770fab793572cbd027b897d9b2f1ef2b2ca405d

SHA512
ca2bf45374fa52f0e7dee0b2fb55b90a2529696f8223fd0edcf99303c397f7d498a930f6b53854a4c1c162f70b82a01996ca719aa1152ac4ccbd9b20722659bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d69.TMP

Filesize
703B

MD5
2f587a8bfab378725dbbec06c1013296

SHA1
0d932cb3dc565d8174009e2e207167369a1cc0eb

SHA256
15a74eeeca233c1620fedb78d04cf51a957fae04ce7b4d165ca253d516505d18

SHA512
bb07c77dc988b5c0cec5004c45c3b91a07b68d63c549e045e7fff70817ae67559a8f107768180d991ccb7db7c68588ccaab532f1939a4185b5dc4d167aac49d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa7e8d45-6b92-4c11-bbcf-d0fd8129059a.tmp

Filesize
24KB

MD5
852d886f30a60b001ee9e16d15da655c

SHA1
713ae02473e2af931fb4455db3be07a00c734e97

SHA256
0c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68

SHA512
09625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d494ff7d24ffd567035a18e457b6ffce

SHA1
59f918bdb9551f497ac990f1c4165cc27dba68b4

SHA256
0ac3db9b96363d3b7f8602357594c34c167b7260edce4ad425f3314adcd174d4

SHA512
7015c9f50383d5ec2566acdf0217ec4c5e8da9448946379eb505f92f11cbd38f4da7654558436492d21499930408b47d7653f8ef26933f89aff65f12f1859915

Download Submit