efe4f8ddcf9ac3d345c4425255244f1f17e9dd8bafc3d29beba9b16737f89f8b

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead2e8c21f299e85d188fdcec8180d70_JaffaCakes118.html
Size

29KB
MD5

ead2e8c21f299e85d188fdcec8180d70
SHA1

ea07db65202f941d2221074ef8061b7d32e9ce55
SHA256

efe4f8ddcf9ac3d345c4425255244f1f17e9dd8bafc3d29beba9b16737f89f8b
SHA512

5ed8d82dfbf1945a08ca08272874416cf0d990850a97c4b301eb9ca01b5053ba9ded99321a961671c9cd17ee41047a4daa8ea6daf86aefcc689a6557cee5dfb7
SSDEEP

768:Gjuc6IVLV0pBUXnW4WXY4YHIlVSzXF3K/N/hl14YKPnPC:GbB0pBYnWz7dSzXF32N/PKn6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
1152	msedge.exe
1152	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3448	2084	msedge.exe	82
PID 2084 wrote to memory of 3448	2084	msedge.exe	82
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 384	2084	msedge.exe	83
PID 2084 wrote to memory of 1152	2084	msedge.exe	84
PID 2084 wrote to memory of 1152	2084	msedge.exe	84
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85
PID 2084 wrote to memory of 5096	2084	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ead2e8c21f299e85d188fdcec8180d70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c5646f8,0x7ffc6c564708,0x7ffc6c564718
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13429848279855699569,4127340248678658935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
718B

MD5
d8637639a82e8982106afbeb45dda274

SHA1
4c9b1b12c4aa2f6d44ec9c26f94d8e49ebf93d20

SHA256
208a083b307c3cffe18a6d6e05c74fcc2325310a41d2f5297c6fa2b45e6e6e91

SHA512
644607abbb4920868f2c78ef5cba89227e86121f12f1eb79819be9d46856bb718e323360bcc6972ff81910f2d62a8235704828f801bf9b11fca4cc28ce40a3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa79bfea97678916be061b8b557385d7

SHA1
34d7b1dbdddbed1432c1d1bd6b5cece355f3ab88

SHA256
5ce8d76756981483ddd0cfcdbf9ba49f485559ad95791b53c3bd865afb76c2bb

SHA512
534a9c2b495eff6db2ec1dbf032b505cf0923a7ee4e5204035957fb842714237101865fb971f41cc1b2b32c37460d19fd7ac88d0b31d25ca7bf5d29a6b053baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e43df2ce94ac89320ffc8dd1c6061897

SHA1
d24ecc383996373d7a3c1f3a439c4605659408a7

SHA256
84f319696fd7fbf6e04c60b4b482d07cf4c0f93344f05a5afccc41b9d6070878

SHA512
ce60322df9154fc38694253f7cac16dfad5cb0b021e8fc5b1b2c9b8a426cebd5c9a3b388f9d72f2c396a17aac23a4310d654cd2865ad49bcf990149035d7a4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4547b311095a9d9b332741d7cab3281

SHA1
379cd241fe26750740d38d08d5fbf3369df3d749

SHA256
979af186a3f3dbd040b3445bd9f6f20d5c7e0762c49836c53a61e7d96ebbd799

SHA512
1416035c60bce1a4129fc17d114d09ac74f6212fccc9d0da549c9589852a96fe55ac75b04529e983e70bed803f620a969b5e99e48d486917da300137f8c42b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7c8054b33330b8f6877609cf73c1c53

SHA1
f9b3f6b476de34579fa6c219f1f0faa1f3d939be

SHA256
6f79ec064279040ae1db8c14fbd1e573d4ba066428b265f17aace257b45774ee

SHA512
2c9a19ab6adcb61307f98a660a2c4b1e0f7584ff76ced445831d224552e2affa3a25bc8269ce4417e9d223d240c6673040b8e0f77fd295b7265aab7afacd722e

Download Submit