a2345fabf7bd3791c952bcc0f29c1faf1037dd0553c7cabba9feacdff1f61b60

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaaedd045543c78dedc7b9b8999ff4f3_JaffaCakes118.html
Size

36KB
MD5

eaaedd045543c78dedc7b9b8999ff4f3
SHA1

8efebd22dfb4bc577355e22f63d3d8e7f19c4075
SHA256

a2345fabf7bd3791c952bcc0f29c1faf1037dd0553c7cabba9feacdff1f61b60
SHA512

c84080a766e833d5fb195796c1988ba1dd459264882ae432b410c9911657d7fa1fa07c4170eb3422e848fe9f9fb4880c7a04f62cd8bbf99decf429ec3a35a5aa
SSDEEP

768:zwx/MDTH5h88hARNZPX0E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TyZO+6cLV6OxJyk:Q/7bJxNV0u6SF/j8bK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
2368	msedge.exe
2368	msedge.exe
2460	identity_helper.exe
2460	identity_helper.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 4588	2368	msedge.exe	84
PID 2368 wrote to memory of 4588	2368	msedge.exe	84
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 1004	2368	msedge.exe	85
PID 2368 wrote to memory of 3048	2368	msedge.exe	86
PID 2368 wrote to memory of 3048	2368	msedge.exe	86
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87
PID 2368 wrote to memory of 4948	2368	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaaedd045543c78dedc7b9b8999ff4f3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcac46f8,0x7fffdcac4708,0x7fffdcac4718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1558325870329029387,7263142433595129290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
5b69eddc4c0adf82bb29fe348cadd44d

SHA1
d9c4c7bc895912c7669b73a9e09b505bb9141807

SHA256
9f394198ca2a2b50c52786bdd1c7ce472f290717dd66678ae77ee102809e8f9e

SHA512
6e72d161d0a14908ae733766667fa2030e52fba6f7c6edd3175b54bd66333439c81ef666741ac63abf59b36da8ae044dd6b4027556e3d90ffc324cc8ba1ae8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62dd0ecdec655e9698005cea0094fbd4

SHA1
4f3d033ae4d509a139a33c925e8cf834d25b62ef

SHA256
271eb170f8268c67f95efe87ef84f5c027202ce0057bfcf1c0ebd8b6e3bc8e45

SHA512
fb745bc7044959d7f990797589480c69d601964d949494815dad2a45ca257b429189f3a363150dfcf37b69e74dbe02dd8e9134e05481e9002fad2455e5ec0240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cd581403b61e75b2307468fc8b7093e

SHA1
3163acb636ed235ec698442eebc05f080b62eefe

SHA256
386c1b6985987e510133588bc442c43500056efe9cb9f5b1d17124eab022f21a

SHA512
bc490982a449d9158c481eb02e7eac572a198886fdd04d65efd5d76f4f49f2cd9d743568ebf5979a759d5810dd2b64426004e3b69eda916ae93027620ea3a730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8abe2c484c5bce118b1f84882a326de3

SHA1
64036ae6fc3cb5038de66139aa71792a8a4c6f3a

SHA256
c7cd291a289040c1c6a785873a0018a2a1f4ebbd5c82ebf2a93cc788dc2489f5

SHA512
7713e4532f38c78ded2b5662424f5ae6dd5ac0d45705bc879fe58028808b22eb720a7d9d9beac4943b2692e283cf40ecae90dfc54016564bd5d3c08f6f3df909

Download Submit