34d1911c7e7d082876527a151655898075cf521cae1d2a28ce8a20a20ad99dd0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

087312623464023119912126789a07f8_JaffaCakes118.html
Size

22KB
MD5

087312623464023119912126789a07f8
SHA1

09feac62a02f3b3ff5297688b18d779364087bd3
SHA256

34d1911c7e7d082876527a151655898075cf521cae1d2a28ce8a20a20ad99dd0
SHA512

db4cb2b1444d484cfca5ef255b4be7a5f3150bcaf257a0bd19ebcafd100ce5c101cbcc8c3e6c177d8ec5ba21fcca1fdcecba14561b6193f0e07da322d63678e2
SSDEEP

384:JiFi8sXSewEu4Wu7mONUyerZOir/yhIz2M/PcDwAs0/ez61+/tMVJYHAzbIT+ZSY:JiFi8wSewEr7mONUyerZOir/yhe02Q+4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
2676	msedge.exe
2676	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 1452	2676	msedge.exe	82
PID 2676 wrote to memory of 1452	2676	msedge.exe	82
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 2176	2676	msedge.exe	83
PID 2676 wrote to memory of 5056	2676	msedge.exe	84
PID 2676 wrote to memory of 5056	2676	msedge.exe	84
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85
PID 2676 wrote to memory of 1656	2676	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\087312623464023119912126789a07f8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b5d46f8,0x7ffa8b5d4708,0x7ffa8b5d4718
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15958381443837745132,2221929315890342248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
211f9aee222dec2ff8a27c0079e169b3

SHA1
c9deb2de0d9c7c093717c1f88df18ce1de6a0f4e

SHA256
d66e82e4fe2207be1548d841a6d578ee32cb22d52f7ca4beb3cd99c0c4131e9e

SHA512
891db475814119159ae11f4ab9e93d31b954b11810a9c813d74a82334be12f91452deefcf034f2594d395617e10e6ad72790f29d3ec68100525b256a723e6d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f924b6e519b6b0959bdf198f47ce0517

SHA1
81d2f5b42651da40359566b82049b7d7c3dc1dab

SHA256
7488302e77d63288e3ef165699989fddc4dd77c142848086b5a8fa8d089f425d

SHA512
3ff99a86881f95975e66552b6a2e4125cb18cab09fecd3323adef4ec9263b9d8a2aef6d500f24c46ed83a321012d6a14c603e1990e7f53d412616ff8bdb62e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e35bd92d44a034727881a5ef465a2f53

SHA1
7c12c01c40f02e2f2b90089408f5b6aac7497c64

SHA256
53bb56b57217b170bab0433e605bd2526079987b84f745d315dc807f6e91737b

SHA512
c69d7bd7902a72b0778b8de9a032b98b3747571cdb41a94a62a74707e0c0a52d12c933aa775255f1edb6d52de67bc1db8af26d73c7924b90e67341bde45500e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa50ca9d1dfbea1b4ddbcf5d4e358419

SHA1
bd4e59f18ecd792e332132e2d30c27ebc4baa703

SHA256
36519b37da16e500495d7027739dd0451beaa8d9417f6a0e30eb51ae9061f24c

SHA512
3072ea5953782f2c9b7368ba839b8c17697bba9801e4a16d8d3da58aa24d7c0ed5b9d8519b08ce61b03fa2c417b80b22a35965bdaf2f49439e079096090dedb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
8a28a7e2772e329ac16dc37ffeebfa67

SHA1
80bf8438c867fa54ae2246acc004ee2fe8302d1c

SHA256
74c9eb8c60175281cc31ba044d2ae5f733c8c1658cff8c29c05bdeac705c2186

SHA512
61b7f90a82d3821d3b1188221a0afcd6ddb8410699b428b2b8bb37d3d26a8f02f35dcc8b719718cbff232db343d8fb88e00a0d2d73fdde0f44d9d4506b4439c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580904.TMP

Filesize
204B

MD5
a3e4d8abdc7fd8dbae4952f04e71d7ca

SHA1
bd877e036541b9adef9a1ec24d72bd1364f6851d

SHA256
19d3b07f76d314d753f4ba030420366b49382b91312dace94e326d47be24590b

SHA512
b035e1029b346565fc203339f151561a2b9e38fe164ca5e599df2c326ba70726ec49aaadf55c05e36ba21d9a7f14794ec1733495816b22bf881c240c66c3dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56835e4b023d12f35ed2501d7388d57c

SHA1
1fd0d0127f3a72b2fc06f1fcd9d9e284332f38e5

SHA256
1cc2f5e8b5d84bba9cbfd47c9ffc28466c6c7fb8dbe3cf775711d10983f60e0b

SHA512
ad8d5aab67a54ef6472d4345c468ae45d3f8f468dcb2845302dfba3296a3587889290521c318c312940f09aa051fdb18c38858a9ca1d0f76e277cf430c4815ce

Download Submit