0caa6d5189db9e7203c80880e2ba9ea257dafda752c256bb2065f8a23dec72df

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff66f919a2c6aac51f0c106d332eeb50_JaffaCakes118.html
Size

1KB
MD5

ff66f919a2c6aac51f0c106d332eeb50
SHA1

3957a9f2cc41a234edec17d2edc0fddebcf21c28
SHA256

0caa6d5189db9e7203c80880e2ba9ea257dafda752c256bb2065f8a23dec72df
SHA512

6fe89da71246f788f746875f0d34be99905369bb10d9953c452decb8db1f081766c6528ac96347eec3d4878037056f4fa05eda0d3d30befe983d7762602befa7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3892	identity_helper.exe
3892	identity_helper.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4552	3616	msedge.exe	82
PID 3616 wrote to memory of 4552	3616	msedge.exe	82
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3040	3616	msedge.exe	83
PID 3616 wrote to memory of 3860	3616	msedge.exe	84
PID 3616 wrote to memory of 3860	3616	msedge.exe	84
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85
PID 3616 wrote to memory of 3612	3616	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff66f919a2c6aac51f0c106d332eeb50_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebc3c46f8,0x7ffebc3c4708,0x7ffebc3c4718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2498614533570699862,12410481028666828293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
917d4dd6d6c20428ee5d2bc67500b825

SHA1
0d1f37fb5cb376e4dafdf68b0358a3c25677b65e

SHA256
f700e51d3d8a0197e29a6953d9a5317c15b17cb43178c2066c5e5d43c0676e87

SHA512
86bf23c28c5480fe79fb4d394e0cd6d2e442fadf711a31a0984bb0a1e310790ddfa2e237aa74dd647233d8ab5cd0d19cce8e23b86486004ad6cad4416a70f6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
333B

MD5
454a117ef89ce7271b4d0ad19f7383d9

SHA1
840ab1b206efcabf3b816739c9f407f68776c8c9

SHA256
23598b004bb03fb92502b248186f9284e9a186d93b747a761412cca5c52db489

SHA512
d237c2c12ce87bd6a27228a94db58a53c74de3e7b6e688aac4579d4b2027167d013e95f3bae0243175c72a8b3f662c0b265de934ce619a30b96f1f027add745f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62d4be493a64992da940d9fd06cb0828

SHA1
29156e0e8cf23256296fbedbbbdc7ccb82ac0c2b

SHA256
36c9da1050153b3b12e70450f501ebb8a30372902e1f91268c7e4f3d699e5bc3

SHA512
0ce9b561b48b37c29f67d64d886e2ab13a4dec7e50600725937a1d5073a5b2706b7e3f9ede3f7fede077c139cf9efe92bfb52956502767acccf118cab4d0a9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65e7ba18f490258d7643907ee46ab059

SHA1
e46178462da8a3c3ea775f9c4c57e996311a15c3

SHA256
8b41bceb7d672bc4b6fe1c29b9b6a84ffd704dcaa2c2e6e04e3ed7a670270e89

SHA512
9277d67f0ca92bec4b07300e9291472795a50c279d56ddd6202bf961ddb3c662a37d7a643a771026c3a208d80de582885e06adeeb4ca12e26eed7bb6581ab6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7691ad7d4500ca0a1c31fd89c69be75d

SHA1
ada46d520ba5823e43cb4887160215f06f5690a8

SHA256
cfbaa6d04e3f2d518baf03ccf6ca8164e576907a100861a6ab9605e2553885b5

SHA512
fb05a67de49617bb863104e37dac4aee30eccf8f2012a4bfd1d2fb5b7176947bbbf1c4956597a036362d5d7b9b95284b21ef270c3133f4b70c10a3af189582cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1150fdc3acc8fb18816a9dd73086e87

SHA1
b979402f4859b0f6cdf2f837755026a4498c4f57

SHA256
bd8d571fa6f204179c09008848cb111195430b87feb1dd9dccbd72cc92d3a6b6

SHA512
e0cc1d7200e5e660ddc02bba1d44c16353ef3c45334980ad7a6d6b2699cb7b2e94cf27d558bbbcb0f46c2c1b5345bcab1dff35206e0a988cfc7ddd2aae855ba8

Download Submit