617679d123e453fe94a73baf3281d9b8b7b338bde3c69bae96e1cde50ec46a55

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaae5e8e6f7641c844cbadd19c575d7a_JaffaCakes118.html
Size

54KB
MD5

eaae5e8e6f7641c844cbadd19c575d7a
SHA1

fd36426388d7b99cf6f258177bfc45f1c7957a38
SHA256

617679d123e453fe94a73baf3281d9b8b7b338bde3c69bae96e1cde50ec46a55
SHA512

0c6aa65d8f1d6fa53f001e14279a6ffafde912171ab94931b144dd01aec3371338efa71ed7ad8e364bcf09c5764a273d889c7165bb23a69df32293a4826840a1
SSDEEP

1536:wZ36qFF4G58eB/p1kQXmNRSqODSlFmp0DOfStOP:efS4p1kQXmNRSqllFmp0DOfStOP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
3064	msedge.exe
3064	msedge.exe
100	identity_helper.exe
100	identity_helper.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2472	3064	msedge.exe	82
PID 3064 wrote to memory of 2472	3064	msedge.exe	82
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 368	3064	msedge.exe	83
PID 3064 wrote to memory of 552	3064	msedge.exe	84
PID 3064 wrote to memory of 552	3064	msedge.exe	84
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85
PID 3064 wrote to memory of 3672	3064	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaae5e8e6f7641c844cbadd19c575d7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff204346f8,0x7fff20434708,0x7fff20434718
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3433385326363522481,1977147773833839363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0f823cf4519629dd4a7a06c764abdaa6

SHA1
76ba5e5d634165f11cac90a8327f929a965d2f82

SHA256
a7ccc5c58ce815f99842cc4ea4c140f99c3a3fbc2573e96d30a223deb958b34a

SHA512
7cd0e664816a0d00cb840c948b5185484433b5ec35fd0f91443892b3f0be99bcf08bceb8a32a7cd0caa38298c39cb9dbf270eb9180736ca1bd7cfe2c986b0cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b86ac4fe64675fd147a1e8c066fdc874

SHA1
bcb9c077be51645091cd702505fd062411d4b76b

SHA256
2e3c8b2b4bf86eae29e69872eb0444492404bad5d27b9b0996b2f02c2423cb25

SHA512
25ce2fcb4c5d4fccca3c45925d691b797b18d7bf66f53c5d4e38cc3d935fafe54edcb99d81543e5f5686cfc74080558af41c760d0d08e56ba4192b719c0f8388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c373ef8c22612f3543a9db357eae1912

SHA1
72222b35a81aee0d8b78512b692fe6fb5b509f84

SHA256
cce0c02a80093f1a7b81e4b04990a099e50f7a84fbf7b6260bc47c9187b56044

SHA512
df40ee04857b20cc4060a6df8b334787539478ca43a3f3655b60b0bbbf20d3a4732b29660612c2a75857cbd7549422f74171f0f61a8ce220f8659e60efe174b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
808eedc249a808218cb48daa2551fb80

SHA1
199a178f41909918b4594529250bdb61f7398b31

SHA256
75d3ffa6d808f8ca3048e79ddd9af940046f898f38ffce6417cb752f335e55ec

SHA512
099b3c69f0c8edd7f80392bbb770dd3c39062816ffd7ef4f0fc84643cf55333e047e3a2426365f17134aa52e82e6b50a5ea0b8f1b79218d41ded71897c853899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79dc27f37cbabd78ca991126be48aca9

SHA1
4a25209aa61d37f0eeac8bef240d7c9390cfca9d

SHA256
8944645be5ae063ea5a02b4ab1c5013fe7c4a9e110ea392dd921f774d50fc47c

SHA512
7bbb55006324228498e629858cd748c8dead7b604721c4895f06d6d09251f490645c99154319b235a3d968294d7911223a28c3987120044781d688db9946dd7f

Download Submit