72c9a0d9981f561e3fe107d67235dd79df5d442aa9bad20a6ab7ce5940d9bfd1

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de108f6704581bef9de0dccc9a10a60a_JaffaCakes118.html
Size

23KB
MD5

de108f6704581bef9de0dccc9a10a60a
SHA1

5883f6b4c3ca76b528e5bf6c9f6c9615c7f482ab
SHA256

72c9a0d9981f561e3fe107d67235dd79df5d442aa9bad20a6ab7ce5940d9bfd1
SHA512

b2b133667c3a6a4293d751988522c57b395e52d21c053b18ce6c2332bb68d47e6dc6e31bcf3a53eb173c2b2b5f885929d225cb6585b4ab208591418689a16333
SSDEEP

384:STM9Zx/BekqvJlSzLgRqLSuLfzHRqH6OKS9k470HSW17OiOKGISOeOROFOkWGQDm:SIFBekqvxcYIVDxYacoLSMqZHBs+1D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
1532	msedge.exe
1532	msedge.exe
672	identity_helper.exe
672	identity_helper.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 4760	1532	msedge.exe	83
PID 1532 wrote to memory of 4760	1532	msedge.exe	83
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 1328	1532	msedge.exe	84
PID 1532 wrote to memory of 720	1532	msedge.exe	85
PID 1532 wrote to memory of 720	1532	msedge.exe	85
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86
PID 1532 wrote to memory of 4904	1532	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de108f6704581bef9de0dccc9a10a60a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7898406913073338012,17458780840329322068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
dead760acfa2ce3ca99140ba66e84765

SHA1
288f0bf24864a344165dad7975cfebe79fa99900

SHA256
0b1f80ac612129a986a5dec0fb83ff981fe7ceb098704681ac365580a9e25e12

SHA512
34630e426b0952f7009b462f56dbbe415171cfe9206e1c7174aa33fd471e590abcdb6c64798f54f409a4e6f390646007ae308eb54da516829eef9ef01e197dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b389f3f74ed31a37267b7f38c5a33c4

SHA1
1646d831e98585ca57aa15e960267df90021b748

SHA256
46609bbfa79ca3667326023afbfa777f92f6d9cc573875f3339653e730e94683

SHA512
b8ba52e9784fabc9dc30d132fb21d072190a2d7d6101179fa67e59b7de68beabb8159b5365a769d364127fc7077e147d587668baba1e206660c37e2a005c0613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91009fbd53109165c6243f331ebe7c77

SHA1
6ba4ec68edbd9b97f2041c39b83bf35d15e546af

SHA256
2673858772379254480f2d610ddd7e4a57af68d4590a08ba83933dce76dcefc5

SHA512
c48edbe07dabff8c8716fb0bcb016e560d5cc15f85b333484ce7bf95510f1dddc0ffe1cbf945dc7b995ea3248f01b98b42d86d81f253cc2a10f4a9bfbd32e501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d9f5c8afd997282e1deaf2f652a2186c

SHA1
2baa1fb2f68c617725bfd3366dd435682631d795

SHA256
a4f04f41ebcf7515acbdde66a058f3de2b03af7c3f4901751c20506e1b538886

SHA512
0128269b784e8ead945c4253820594f51fd3fb28c03653ccb37eb71cd6d18b0aa201706434efe192793555371f04848714ac982b096645084ed2784d64cf83f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4a2070ccb888e05e0ae3a573755b226f

SHA1
c8c1757dbd632343079055f4f01dd806129ba5e0

SHA256
4c4206d37739407df9296c8256d74f0c8d1463853da727fed54a1061949f87b9

SHA512
0458e2ac38ca42741b35599923edbe5431f08223cc87970dc9d9792cc75734a36002bbed21da22e6aa300694a53a7956968973dcd88a16260d6956c48aa1351a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583fd3.TMP

Filesize
371B

MD5
8e5a4df6d5c0107980d72cc2dec744b2

SHA1
71e595c2cb8161a51e40b0c9c1e80581c7dbe1b6

SHA256
7dd91fbd20698f72db7d750c2316519ab4e59136aa637054584409ddb27571a3

SHA512
b34802b359e0eee95f0a1967c2ce655f0c243e1741745649a62f858f4644c2f39afe49e060e219cd4c9b6afe98e4fcbed4538f0937a6c4d2d263cf3430810047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
12659788004d4a1b735b454b14b416cf

SHA1
8c841b30e11147f7a3137ea7573458bb8f141fc1

SHA256
fe415bc59c7eac289aff16f66c81327f527ad74e74d8407ad64bc6b2416773d3

SHA512
e592d58c546a992aad14344db0d55fece42c2f9baa5cfaef343890ada3aefb217ec03f60a967fc8f080372387d3a470c2cf317fbc00d373ab0fea717b64e8cf6

Download Submit