974ba953e19a73e40f9e2e2e521f728363286c42dd09f49a7eea70716e66621c

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebb51be7f8846c9ca07a622bab6236e1_JaffaCakes118.html
Size

4KB
MD5

ebb51be7f8846c9ca07a622bab6236e1
SHA1

6f439ca074894c1716fd1c1aadf79edeef828660
SHA256

974ba953e19a73e40f9e2e2e521f728363286c42dd09f49a7eea70716e66621c
SHA512

65b030f5754156db7eb1d4c382ad15b6a05798dcff31c18e1f70107ac07eb1b1b5ecad67298ee9299c1d07ccfdaeef8451dac51ec36d2241eb8ba973cf5b853e
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oKeRx1d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDq

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
1320	msedge.exe
1320	msedge.exe
2348	identity_helper.exe
2348	identity_helper.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1740	1320	msedge.exe	84
PID 1320 wrote to memory of 1740	1320	msedge.exe	84
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 3520	1320	msedge.exe	85
PID 1320 wrote to memory of 2052	1320	msedge.exe	86
PID 1320 wrote to memory of 2052	1320	msedge.exe	86
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87
PID 1320 wrote to memory of 2060	1320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ebb51be7f8846c9ca07a622bab6236e1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7ffd582646f8,0x7ffd58264708,0x7ffd58264718
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5483705793484014387,8698107113281945258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
7ded15ffaa2567c8405c0810b5c07936

SHA1
e5e69014f02f957368cbe731bf0d50bcf11d370f

SHA256
89833490c2c988502b9b81a22aa90e34425fd6cc71c6a76af7cb959cd5f7f121

SHA512
c7aa3b59b83441af8e4d33d6a0cbdc7305d1a36e0fd1bec3e0e9f66e01455e005fa866ffbae7495bf95fc08ec585db1404dc7d36099965e3b0fad00d8d84fd10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d9c0b0d21f527f42cb62894d2530b37

SHA1
37e0b321b477f2d67bf999ff2fd8f82666f77fc2

SHA256
aeae61e2905e97b0439391f1b38a2ebc130217ce63f6325311141e501bda3718

SHA512
9afec4fb559f566e71177a698cfeb2e54ebf502f83797e81b7ad85504fa7854e51f42a4ccc8df9d48b75a045b0f80dd9218a37e7b94b1807cd013beb3917d0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ff0c3a7fc04c59f5181dfad1fc2fe00

SHA1
e6093a5a7af8b067b4c4ab39a8e48bb3464e7475

SHA256
9682693ee53aa273195d9e47ea4504c0c0385dce579241c923c7ae392959b025

SHA512
31f853d26f244fef5b4659ccb71b3921de546e19923425db0477955d956727e86be77f238ddd8ecb4e30b69e36c66f16b1292a167aaa1202d06e08a1a9401522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4e80f9fcf0d35163b34b7e1fc1bac7a2

SHA1
1269356c048a51be508738a2a338a14cdae58b83

SHA256
4162499ab362b7db0ac398b3f869278724552f1d4b495927526dc6d30d39d9b1

SHA512
7ebd3b51f7f1dd167d48f49ee44b8471432b8e7a9cbe7f4a44584b23d67fee59c325a7302284d65caf5bfa99a2c82ef4196ca8d4df5a1fcfaca3b61016348457

Download Submit