f247e5e2d67d18ece55f906be8398f6a06b2503adea58cf4c129a1f45795ab3a

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa64a03b2bf06e96f778d93a0b7994a_JaffaCakes118.html
Size

4KB
MD5

eaa64a03b2bf06e96f778d93a0b7994a
SHA1

62b2aa65af3f87b7abfa7f52250ef4a367b42014
SHA256

f247e5e2d67d18ece55f906be8398f6a06b2503adea58cf4c129a1f45795ab3a
SHA512

ab1475799d5e858e4ecbce3c081deac4da31a9791ebd287a7dc59875b6ee3cc58fdb8890cdfadd3e2a1240b15dae605b797e50338acef4526b5f58288d17aee2
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ovqnad:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDu

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
3880	msedge.exe
3880	msedge.exe
732	identity_helper.exe
732	identity_helper.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4268	3880	msedge.exe	83
PID 3880 wrote to memory of 4268	3880	msedge.exe	83
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4584	3880	msedge.exe	84
PID 3880 wrote to memory of 4772	3880	msedge.exe	85
PID 3880 wrote to memory of 4772	3880	msedge.exe	85
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86
PID 3880 wrote to memory of 3212	3880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaa64a03b2bf06e96f778d93a0b7994a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15927293695322646955,19415244907420697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
7e7a0860245c5f2a6b5dacf82cb04c42

SHA1
6c55e2136cc278d69e5e683e6c34a668ebb66c19

SHA256
bb960fe390c7fdb33d0121fe957ae52b65fb01a8a9bffcf55653f3ef47a1ebec

SHA512
baf4d464342d224c309cdb6118c985539dfe3e22a1666e164ffab2b4a6be8b6c2a1962ca73627612d84b993d34a3a0e43595b7d0d0a81133e6b0f03eb340a03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4c356fe3a8700c508f26aab0d78f44d

SHA1
cd098dd331b63abc0295f62af93d3a876ea1ec3a

SHA256
a6a3c09a8ab1c80fffec3596709e871129840b22bab06b1b217ea4ed37ca4672

SHA512
8abdf0da1a9fff1a1ce199d3efe3c821e1804062d1690855327cde5f09696d944b4b54b5c21eb3f27e0a7aa2644ee80682f653b0067ba65ebfa6d65c80486069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce193176f056c380d5c5944f4b63d31d

SHA1
aa92c4698807264fa1e45f79fd741778a3f1f865

SHA256
5a98fe64121b76f89f3b82c893ae8a8776cde11ce1f9efbb31572b7e03ece331

SHA512
37bbd517fad35ea2134d1174e22e5bcb7ea7d404d51d95113206bed4a76405f9ddc5b5bdbb1db6a8f1a999391dfaa5d2ae9084314ade5fc2f2f15826e6a74594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
00db8fecd87600193c099a3af17161d7

SHA1
64f1f35f8e9cef8bef95ae8712f7e539a78aedb8

SHA256
503f4038b4f5fea008912fd31aba014562f566c9f364ca80a62d7ffb5cc482c5

SHA512
44dfd319259e85e2f0ada7a16817b2aa48f0b2dc4c64eb68ce511969ebf48111eca4d9388b2add0cd452a569a25a9dc033ce22c076f538ef45bed755c3d57bcb

Download Submit