c7b042b2a3784f390a22e910ffbd6ee05029ebd70393c26a22d08cc1ca59f66d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1834761089bb1327474d97d5c71ec48_JaffaCakes118.html
Size

50KB
MD5

e1834761089bb1327474d97d5c71ec48
SHA1

f24484aa88132f0a6ce5a26d848d8bd3369e1513
SHA256

c7b042b2a3784f390a22e910ffbd6ee05029ebd70393c26a22d08cc1ca59f66d
SHA512

419c99f959588b28c84a15d9c5d6dfa88f3da4c271f95b07a29b181c54d2b464fe006c9019943cc587c9d3af110f851b50094ba93eb7101592d8860e52f0c248
SSDEEP

1536:ttKqUJfwaQivhtjOOTTrDZaMkvww26rar7:ttK4ArBD02Em

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
1208	msedge.exe
1208	msedge.exe
3012	identity_helper.exe
3012	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2208	1208	msedge.exe	83
PID 1208 wrote to memory of 2208	1208	msedge.exe	83
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 60	1208	msedge.exe	84
PID 1208 wrote to memory of 836	1208	msedge.exe	85
PID 1208 wrote to memory of 836	1208	msedge.exe	85
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86
PID 1208 wrote to memory of 2944	1208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e1834761089bb1327474d97d5c71ec48_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf51a46f8,0x7ffbf51a4708,0x7ffbf51a4718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,4045899955953893213,12679058757619198801,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
33ac147a3c4076b7819de9a5ecbb191f

SHA1
4a7eae9bd0c53624d7c7b40daa39bfff4a3168fc

SHA256
7fe8106a2efb457240b2c95c0f95bd6d5b6c6d723409de088116cd488f67c369

SHA512
4b43d35e0cb90cad00e94a9214f858d8ca01032a5febfad79b2b7a32d45e37676e6d61273888b0194cf2e26f5a96f0268e533acdca9da81f30235b695d70961c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c8b7b53d25dd740bf79ac59a98389ec

SHA1
0002751e5e955c37c6c6f08f6ff19b7cef2adfe8

SHA256
5d5f03cea2c17e64e3b9a3c28bd0974adc345fd4de5e9d9d82209ca85b586ef2

SHA512
e53b6c0577fa0d77626f0a2dd68a704d5fb110419f01d97bb90aae9734eb8fefda54953a095dedbddffa67e65cdc1d8220982c7ed54e8f6183b96d1bf4649d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e367a66f364de8a6395ef27cca060c71

SHA1
d1def9981c5291700c6f12b9d0a23a08ec27f104

SHA256
7b4bf9a3b2134a467e7d580aa5037f104ed9f9b6ad8ed218b10fc0e410795606

SHA512
c695a09a391a67e03b36b2ecedfb7264de11a0ceec9fa459d6aeb2eda756b49f3d67af91a4ab8a639657513683795baa2b8ccb644b3edefe6249a0f358b366ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0c6cf6def213d1e10077cf2e1a38173

SHA1
bca0ff4880c0ab8ebe788766707ebeef68b44cf4

SHA256
4669fd0f82df83425ab74c03095becb81df4045be0e724c23064c411da1b81a1

SHA512
b517105d224692da341f0e1297eabcbca76738cb02ef61514f8c64ad235cc66e5c93582a13ba55a1ae78c08852c8d4eb840fbd050d2106d4f043a344ba8b881d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a3161f203d11629effeaa2ab80e4bdb0

SHA1
7558f5a9d2741c1cda1a51e36494ae43e395df2c

SHA256
8882a6382aa29c167273779d14705c7bf730a001ff600e1e5032e936cab92ae0

SHA512
75e06cd0742a91a4d74828f32e6e4d78bc9bed5c0a01df622f723bc3974721249fb9bdf9f3a6ad5fadc34886b69b0cffcd67f6eb29000d73518cec93f3b620fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5849d5.TMP

Filesize
706B

MD5
c2bf27f44bf120cc8abf6dcdf11a10db

SHA1
fad7e1a583f07466afbf584ec95f607c7783f9ca

SHA256
1beb2b7bdad7caf87e68ef71f9301ac6103be3948ea6c97ee9b5c84e4fbea7e5

SHA512
e75cd7d9daf923ca6945bae152172b28f43b4f905027116c2e066dae26a1092f3efe8064b5e102994a8b37b5de59fcb9bf33e087eb2096d091bef1d0859c3d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54a29090bcf3d87de8e8d2445832abd8

SHA1
d1b52c9e60302af248bddb3ce4d9d312f1489a7c

SHA256
8d25f813e2cfe8429126b22b371bc62fd04e99453515cd1cbcde02f2212fb903

SHA512
ea249c4ff09e189fc74f84995c891c73943d758e556accf04d6de96d3043376cfaecc91c1c20174ae6c73fcfd413ce531336a84ba58daf85b260bb7b25998402

Download Submit