8cc00509015c3771d88da5e1bef94f9b7c25d1625ed7abeef69eeff47c73395f

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea8ab25b1635c7c4530192609afd356c_JaffaCakes118.html
Size

24KB
MD5

ea8ab25b1635c7c4530192609afd356c
SHA1

08a28f63b0fbbc4fcd0c1a535e0ff5545ad5fc48
SHA256

8cc00509015c3771d88da5e1bef94f9b7c25d1625ed7abeef69eeff47c73395f
SHA512

8b8a85d694861858d86160d7b77cc291b09533751dab4ffc33e2ef9520e966e677f82845986675f7238a74fc31d5b7f2430dffd2288af836fb62e4b3e4a2ca6f
SSDEEP

768:1hN8BUPrssCQKIIacV2+s0escEoq3WRhw9:1hN8BUPrXCQKIIacVbs0escEoq3Ww9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
2084	msedge.exe
2084	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1248	2084	msedge.exe	82
PID 2084 wrote to memory of 1248	2084	msedge.exe	82
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4468	2084	msedge.exe	83
PID 2084 wrote to memory of 4300	2084	msedge.exe	84
PID 2084 wrote to memory of 4300	2084	msedge.exe	84
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85
PID 2084 wrote to memory of 1300	2084	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea8ab25b1635c7c4530192609afd356c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f946f8,0x7ffe80f94708,0x7ffe80f94718
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,181221675742546072,1483657975906980774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
523B

MD5
7c138095330408c66025b789c1f38aed

SHA1
d10da3e69607fe5d211fc0fe67f4d4c447df1277

SHA256
0f3965cfa716e368af9b1863e65b133fd4a4b387889f03dff728b5f78c99c1bd

SHA512
f3880214a135090cdcc8077973180469525a51cdcfa09f81b13d40fbf798b437ef9ebc185e8db63dc99a4db1f6af2a4613f9973582efdcd42f2311ea710cb8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b086c2733be8adac621ae2c9b85f220

SHA1
e14c0044ff4cadf8b9b257b269797ff5a94ed426

SHA256
dfcf87edcdf6babe15585fbaa2e5a3e5660fbb8b293d63b793800c018fb0656a

SHA512
1a48a0b78500aab41a9f36da52879e5b9951ff097fc8a2a105d307e75c5f10821dfe1d5ccc61da1c0840eae596d1ead9074671cf5b96127872b03bef6015571b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09955b35dd446fda94384afd6134031d

SHA1
06aa3af7be3dce651f8dc8de5c2bbed960a247e5

SHA256
477dadae4c4ce20115956ed7742b7d952c4dec34bb9ea43387c27e1d3fbe310e

SHA512
16ec1a3439c0444cb8a25dd61118c7fbf5f2f2eea76596565cc5b54fb219b3c60f81ad46a914c9434745313801939145ea25468bda2e68b143cca9ffda8d4476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30f7ff799f7e324d254f5e9dfdfcd712

SHA1
18e2af51ed5266ab385ee205e15ce93dc95a3fa6

SHA256
1d0c66f6246e450a79307b5bc017b42b2f6cbe613d473522092b248f783f2f4f

SHA512
b55fea666cabf068f2f9d0d3eb82a392accf8fcc6042267e62df632a1be8cce645e8d73309644746ab4730c6b708c8698ffd888e5ea50f94849503537a9e5a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3178eea20f4bd9047f7cab1a72e422fc

SHA1
b1673a7f53598b65e41feef119ba03c76c7c72eb

SHA256
f34937921ec85c20aa86e207b9e94aa5b8e519beefa06702f363ae740c211e4b

SHA512
4ea0c9827d8ce2cefe600293901502275d87455044b2bdb0bb45ae9c18938118f8c355ce70d97dab3dd8efa2af00f549546db284304f4a7d6073d0d62d5d76b9

Download Submit