0247b47aa081b349a6806dc1826afce97e302948b71cd811205a563dbbcc36f6

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de0a8e832e0cec63622e179c2dcb0dbf_JaffaCakes118.html
Size

21KB
MD5

de0a8e832e0cec63622e179c2dcb0dbf
SHA1

add4c4c0c040974fc6b6fb1ae5a866c785dacd40
SHA256

0247b47aa081b349a6806dc1826afce97e302948b71cd811205a563dbbcc36f6
SHA512

262db023218e280a7788683a9122caa62a177cee5a5e7715041bb5d432d26f76a139484c9035d238f1ec6d20e8d14623f24536479905b0ebd7cec399e1208f22
SSDEEP

384:ziMKcRAa5r9DIiXbWVBD8c03R4hvq3cmEfP4ycbp5xzVcroDJZTO4u/:ziDa5r9DFygc03GOcmGP4yKHJZTO4o

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
3520	msedge.exe
3520	msedge.exe
4428	identity_helper.exe
4428	identity_helper.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4008	3520	msedge.exe	83
PID 3520 wrote to memory of 4008	3520	msedge.exe	83
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 4980	3520	msedge.exe	84
PID 3520 wrote to memory of 1408	3520	msedge.exe	85
PID 3520 wrote to memory of 1408	3520	msedge.exe	85
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86
PID 3520 wrote to memory of 2060	3520	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de0a8e832e0cec63622e179c2dcb0dbf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaba0546f8,0x7ffaba054708,0x7ffaba054718
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16689328908844383011,7175073763676106777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39fb2d916b35b0f42432f3dd8404f249

SHA1
5ddeb55c38eba87ba8f99c94afeb280d3d453a7a

SHA256
eb7f124d3145afc66f382545b067012e63bb90ca806b70953fca2e7941f055b4

SHA512
179dd7edf16797c7fc9ab53b9c0e08e9036c3742b2ce3b7cea1c6c0ab4b66f7e87201dc3bf43fd3f8a798b85368c25b7709c748216b032e2e0c7789982460d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
567b536b8cdfbe185fe8d0fd949e6e17

SHA1
3da1de86b9de891662f331ab900b237dedb7f5d8

SHA256
e302a5de1aa8589d445bb778c5a2e15ee57c28e533de76c8310b2fa35a64c25f

SHA512
98d21669b47920cf0dd91dcf61f4a7268c632dcb17e4ca0c94cc7a988f0ce007ab35f10794ebebb4f4f26d2798ba7dd9bc0e65b11b8eccb70b50b64a0a3443ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5cf2d5d65949373467f3343399c1f0c4

SHA1
27b65cfcad3d870e7a15cbe91f29f4ed031f5a65

SHA256
7f74f9d2bdd864c105a1dee45bffcb9458e2c431e6c368e589671370ea9abbf2

SHA512
d3b4f840586092f008938833a3042c28b68b329ec524ca80633a4fb6f9ee607bd601f7728c27e4d20dda2ccd174e884cec114e4fdbd832a042adbcf74b6284a0

Download Submit