b5a20b72ff50c574fca8619105948b49e0808552414629edc71de5780838d0cd

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0278ff95b8c80b433211b9acd67fab9d_JaffaCakes118.html
Size

34KB
MD5

0278ff95b8c80b433211b9acd67fab9d
SHA1

9f1511344cea3952f87999bea353d3c2b10d00cf
SHA256

b5a20b72ff50c574fca8619105948b49e0808552414629edc71de5780838d0cd
SHA512

cbb656d673fa8dff3c33497dc60b49f1c0270e59f02872c0df3d4011e6b735093a8d6f6f4961e291bcf2ebeef9c5da5e58a7716e2c4500370fb0fb40a8be313a
SSDEEP

768:zqLx4eiDMJ0wByyWNqslfeGspLeFO+5y+YtOcEe:mLeBMawB1tXtOcEe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3776	msedge.exe
3776	msedge.exe
5048	identity_helper.exe
5048	identity_helper.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 3312	3776	msedge.exe	84
PID 3776 wrote to memory of 3312	3776	msedge.exe	84
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 2068	3776	msedge.exe	85
PID 3776 wrote to memory of 3336	3776	msedge.exe	86
PID 3776 wrote to memory of 3336	3776	msedge.exe	86
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87
PID 3776 wrote to memory of 2044	3776	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0278ff95b8c80b433211b9acd67fab9d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd582646f8,0x7ffd58264708,0x7ffd58264718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1749465931799336104,9574416468056178080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
e75179806fdb60b3337e8cd5b04cd6cf

SHA1
434a695c7607996cc4d1a0698d9214afe4d9fd38

SHA256
a121c6f8b11a0682ab639049f50ef2a1b00b3a2a565d7686cc64f501056b7b19

SHA512
e1e2f888005696fb33453f369efda963c71c15270338db02d812a1ad503c1dfd2a0f693c3f6a02ca2abb7cad631524b0481141646353c7b39adf44b09bf8464f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65d1c3a7ffc16c85fd2bde3bdd41e430

SHA1
68f281ab06b962e0e3d50ab2f8d47fb8f5babd8d

SHA256
d9f7fa1e1ebe94b342003cde87f5a74011c157d3ed62b58e3e2acb4e5767c04a

SHA512
a8ebb6c9df1ba7b6e20cf9a709130fcc75027f2fea584a86f45c24d56289afb64c7337c924ff317386e1bd06833a49e10db71f692d884cd9669d3fc0bd293b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cb0fac454ae8d100fc5d719a0f84f03

SHA1
c1065f409401458970b25b48d96ba66375e18b48

SHA256
157bdfc62c3aa61483fcaad5cf0c78e99764a4172c27d53464b93ad4420c983e

SHA512
6ac8ed24d768396e55ad91bf46012fd7ea2e2bcbef5211be102c26e873d714362435ceeae8e24cc2b145a2cbdfdbff9210f04bc3f735b9b719640173adff2b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba3c93dac7a9f8d04094832954e012cf

SHA1
eaf5bc69e00c41408c6e0c04315baef63cbff60c

SHA256
0f6eccae8160d200ee78f8dbaa8ac146f8eda11f8c1c335ecfc57d9a011792b0

SHA512
80ab3e1b7abff70d543183a0a7279b11da14f3b7c4a446e54dde5b390fdfdcf4df07d6d291e2929de145a5ef3f07cbcd94df538b54eb84b4dde53f7c2b47e551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d652505708c000bb435fdfce58e4e0a6

SHA1
a4b9e05cb033d034952fb0bbcca3a25c2cc2fe2d

SHA256
d89f9afd424819779d991cdc6bb5f473763f233282c029441f0f6beb1820aa50

SHA512
abb8263e3c6364ed77ebe0cc2f6fa3357b994cb260ad04f2500cd51d1f492dae7e30abf7e5c0a101c37a2c68486cc0170f7b9ec15c690441a6f2119b23f9e0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d3a7.TMP

Filesize
372B

MD5
997453f4ccb94a12cb9066cfeabb1fdd

SHA1
e42fab8bd6b44f0023213bf1e0f0aaa230a8f5f5

SHA256
2268a4c193c8918de1b7720ee1f979113cfaf006c72296c3ae0a277a1d45304b

SHA512
1a6774bc595c23ab09a280ac0491b2525bb33d4a728d166afe4f201dbd51de2b14c6a6864c0fc1fd58b9756c023dc9fd72b4795d8525b2110458d42bc2dad51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
062721243ed891018aa85dc5e46c27cb

SHA1
9ed02a6ad54d185b103b31d181e84eb3d3b06650

SHA256
aec355a2627fa2e12192066e122edc8b3bdbb00ddfd8a066d131bb7d5a4d0377

SHA512
422e37e2feeb17b8c88b72399bb28dab92e4d16db07d01fb56aa7fe997a17b72e2abb20cc07f81ae7aa0144071a013abf5485248d3703b88b377b5afb08b4dc4

Download Submit