ca499f4b6a3251f020f22c1643bb8ce4ab74136c2b8ddb948116496ba8a5a151

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa189c45a725c74f705341551111df2_JaffaCakes118.html
Size

3KB
MD5

eaa189c45a725c74f705341551111df2
SHA1

30d33f89133cd9106f22a8d708976b78530e9f33
SHA256

ca499f4b6a3251f020f22c1643bb8ce4ab74136c2b8ddb948116496ba8a5a151
SHA512

59470a49cc888382bec68b8dd5aadca360291e1582a0608e1838050523236b135b565e24591f4dc005d60ea87df45144a8e4aa2bc766e8af0d37277cb98a3dff

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
4676	msedge.exe
4676	msedge.exe
968	identity_helper.exe
968	identity_helper.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 2136	4676	msedge.exe	82
PID 4676 wrote to memory of 2136	4676	msedge.exe	82
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 2176	4676	msedge.exe	83
PID 4676 wrote to memory of 3716	4676	msedge.exe	84
PID 4676 wrote to memory of 3716	4676	msedge.exe	84
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaa189c45a725c74f705341551111df2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa50b46f8,0x7fffa50b4708,0x7fffa50b4718
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,10579770019653112717,17615755229497673290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7d0a4fbc-50c3-40d6-91c5-2abf1c7ae947.tmp

Filesize
5KB

MD5
e312a59cffe4593053c715e7b227a408

SHA1
90b69861d7f8e2168f4e2147736d074f0b81e4c5

SHA256
2ac93182c4eded06185e11122e3639b295bdb079695e7dd048ed459c30fcfef5

SHA512
a26a5b2f51a7a871067b73d13ca5cfe22aca8831fa262c719ee68502883af2c41a6691ee81d8e5b44a53a2825a671a38f2e24b1a51c6e845efa63a01cd518282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
276B

MD5
63e94862b42530f86676ad4d8dad984d

SHA1
3fd2230f79711e641c7d8bc1fc8f6d671319aec8

SHA256
02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25

SHA512
8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44371840a217f3f631247723eddfdf79

SHA1
6fb8ac9144f8dda7a5303afb378495444b1b2f95

SHA256
507cc3eb8d47e5a62d2035df15f772d4a6e2d14a33412e974c0ab6c1d1f7fd50

SHA512
874d11348ff10e3516807ead5516fe832cfc467deca34256d4fdc686f88fa09d8b57ba9a55be5f35beb65e9d12701ecd97180f331fc23dba018756f47a82b268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
221954204668e2231cbcd4f1f49d97e5

SHA1
569edafabc713e62d26a6714cd6ffe311ac814ff

SHA256
df19c1a5a9160d4e7494c7f07c82822e46de7c16be64e665a5fb030d03efb01e

SHA512
5dd67440aaf45e57b13a4755ec6328892d16d0926ec12588822121fa524458ec053c3287030fb019859368ed3ce555323c64a40d210051114d34e2110ceccb55

Download Submit