b829162b76cb04dce2c862c7151db4d0d71e2495a17172ec66035cce7b30502f

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ded5974da2e55550019c2e60578c2f08_JaffaCakes118.html
Size

4KB
MD5

ded5974da2e55550019c2e60578c2f08
SHA1

6c7087520348cd2c3dc7076e3a2b1ea6e02188e9
SHA256

b829162b76cb04dce2c862c7151db4d0d71e2495a17172ec66035cce7b30502f
SHA512

e7ade1617aba491044c9bc048172a8774300c7e864f902ad5c812af66301786968085b0b6a0d93d6a65c8a4270916ee3c6936a740a503ba68e24c166fd13d3ea
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oo6Pd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
2308	msedge.exe
2308	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2316	2308	msedge.exe	83
PID 2308 wrote to memory of 2316	2308	msedge.exe	83
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 2140	2308	msedge.exe	84
PID 2308 wrote to memory of 5044	2308	msedge.exe	85
PID 2308 wrote to memory of 5044	2308	msedge.exe	85
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86
PID 2308 wrote to memory of 3708	2308	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ded5974da2e55550019c2e60578c2f08_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff07c146f8,0x7fff07c14708,0x7fff07c14718
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3828793192351738243,3750962295274901700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
1ee2251cd2c1d87f08f8ca3d1d42ab1b

SHA1
1cff45035ec1b0cb05756461d53db8f434781aa5

SHA256
0caab95e834658ee1922badec970a8243aa206c523a5359db8022ee2ac5877a2

SHA512
5528c7e08401e72bebe97e460872a255a6c41d49488cde9ec4dc3e4420da3905d974172b5690612581935c798deb8fc0de4d94f0a0626a5fd2c205f1ce0827f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34042c850f3246575b8034cb60813f81

SHA1
0c484d5ca05ef6ea92ea376ed7effb387618d3ec

SHA256
55121cc87f1ec89d8f0371dc9def298384cec88c5f623d81332464630cca657e

SHA512
6e6d9d5968aa314e25d8564c9daae97618c03c9bb7d3f59dba1b5eaa4f04491a6f04606e910c8ee0f3e575672abfc9351e2e3951e4f741804861f9fdb3bc6382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d026275f7d2412e26c3c417fa11e2c2

SHA1
a4844ffd4d48a6d423ec160fda5ff0069d4ef400

SHA256
8e44884dc772d3409def1c9353b717476b73cd32f2d99865750ef51b3fed010d

SHA512
b09b6d82312f258f7d49e89cd2e9e60d090d1244d839217403b3474c3442a02acd0b99ec013b5bd4549a6655a7c5e240c463675846714252b8e501cb40138224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b0c9265eca5f50c32d7d81608586a88

SHA1
f012eda6c8f788780f1304efbda29c2924618df9

SHA256
47ba50384ac2bb90731342af79af71e8c404a8b70e1bc6329436cd7f7b96d4ca

SHA512
2de4dbbfa75207326655ba62f96925dfad8d1acb1aca7dcebaeb853c5bb621f59caf42eda8de5b0b2c2753b35c8c8772f4800907dc4c5ab1431f1a904d95ffd7

Download Submit