a8c75ee25a7e6f6e66c7b3df62fc689600581fc3e85541da4031f2884bd704e0

Analysis

max time kernel
100s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1c6b59c8a531fbc1c074be09fa049c9_JaffaCakes118.html
Size

53KB
MD5

e1c6b59c8a531fbc1c074be09fa049c9
SHA1

59e84d5d43ce4575386a930501707f5c3c38c520
SHA256

a8c75ee25a7e6f6e66c7b3df62fc689600581fc3e85541da4031f2884bd704e0
SHA512

8434273c5919a98f31d6952acf84e8234a7c9e2ba99610b75e8ab25d94918fa37f7d49468fcb0a334b50a4d00efbef8f4eed617d5401b1a0f75edb8404143f95
SSDEEP

1536:vSQz3kfBQ50ghNxgefN3MU39DMglNJfXwJ0:qdfBQigeefR9Dt+J0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
2012	msedge.exe
2012	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2732	2012	msedge.exe	83
PID 2012 wrote to memory of 2732	2012	msedge.exe	83
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 2184	2012	msedge.exe	84
PID 2012 wrote to memory of 4136	2012	msedge.exe	85
PID 2012 wrote to memory of 4136	2012	msedge.exe	85
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86
PID 2012 wrote to memory of 2592	2012	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e1c6b59c8a531fbc1c074be09fa049c9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6015811795616536212,12726910234473164727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
381B

MD5
47335e9ed2c31b99807e75c3492c4da4

SHA1
8d14bb3648a39a0439ee789bc16aedfad595ef84

SHA256
1d7437c6029c42cb501306ff409f5aaae33597a5aa7698cc5cc7487d33631ca1

SHA512
47b1a41647fd1a1b2ed8294cd8ec05f2eb2099cb2248abbc28cfa50e07d681f02fb06187dbe2265d418e5b75420826bd7dc491c95affaa5ba7c7c4411406986c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a4f761c822f003dfdfb22cca5a28845

SHA1
85d1038d52654387d6b78a468740b5a919652515

SHA256
76d202554323dd2b56b80c85485884c47bf38a34f2d3139ee01fd1c5ffa95b79

SHA512
9379fdd9f9bda0d0a585a4b0fd8b4774ad72107d7ff8b6573dcb3ca14cde5e5ec65011d1cd75b09b05cef28a8db3b53732a1754c6fced4bd69e738e575388a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfe4bb380c78920e78b376e2825ac960

SHA1
125a67e198805399462f0ea6b680518082004251

SHA256
91b7639d1f6b8b14af70344ab8e239de4620bdedaf46972e5305585bba968574

SHA512
91c1415e03200205c0e502a926756864421124f1ec88d4d47710e5bcd820de7e19b1d189a4af9181e5640cc2d5e62ce9bd1d528b2c029ef470725e9481b78a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
504e42c063123068e9d8b222f2c98938

SHA1
af19827607b9432c72593924e35a85caf3d741df

SHA256
1c15e9206351e6cee799c3c36bb63cc5d5bd8c0f97187779b980a928b1f1b49a

SHA512
bbfb538cfb9299ddd5bc84ebd3cc3c60007245888b4415f119a1f3e715f7da26b3b13fb6714255b7a86d9b54beb46a1aaa95f5cf30fe8cd11ea2ef358dc07c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31ea8562b093b2c35f54f5bf07c0f153

SHA1
6d6351897d455019af193f81312bb61eff72d01a

SHA256
94d7b4bd221167d19e94cdca6130222379878ecd9439f8116447c03ebd52fa33

SHA512
9ab8ba6e1ab82729e204bf0504d1dbe5dd67ba3b08d8adaf695059908317c79a3b294f4e535b291cb04aa62abac825ec2c9ad639368897c284a3e9c959481577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e59f7d5e46fa767ba1ba8c84077a39e

SHA1
438d30c4de021a6e1575e454da7e7ca4fbbe80db

SHA256
04614ee90712c27607a194ca711d7bfb9dd40da82cb25714044b8323a1c320c5

SHA512
8387f3fe5b33ee590206ecb9bc8716dc9cca82816d71598106ab721f931877522e5b73abc12e17c425b2c74134c80d9386758aab490d6a8f96dd63ac40605d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80e46bb97517d1404035a44e229ce834

SHA1
512d5aa52995550b65219eb086082da97700d314

SHA256
7ddccf428cb1271905dd3de5d4e79bb46f016fa084a0712d26628c78fb5016e3

SHA512
ed18d71d4d95308c8620ebb3c2897ccb99c40843260a38c860da48fcc29defdae1866f02d49a13ac8d280cde51bc319c08c3f6fc31d7c4f9c8bb6d0ae79d47a9

Download Submit