2abf007c35e60b08443fb91181d395c09c56706ae360670090a3b9c86e214860

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09184fe22d3b8e62de281ea4d3fdff28_JaffaCakes118.html
Size

45KB
MD5

09184fe22d3b8e62de281ea4d3fdff28
SHA1

de26e0da395ee492769fe3a187773d49130f9e69
SHA256

2abf007c35e60b08443fb91181d395c09c56706ae360670090a3b9c86e214860
SHA512

5cb4318fe4935907ab9a0669cfe789acc6dcf94af8539ac65e46fc56874e2b168e20d36087dba2323d03169bc0214bb1f2e68034c85a6708239266153ee57660
SSDEEP

768:S2U+rro5aklFBjIN3Tp4GW3BTLgkOMGJA8eyz7oQIR2A:S2U0k5aklFBjIN3TGGWxTLjOMvyoQO2A

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
4588	msedge.exe
4588	msedge.exe
1180	identity_helper.exe
1180	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 3968	4588	msedge.exe	82
PID 4588 wrote to memory of 3968	4588	msedge.exe	82
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 4068	4588	msedge.exe	83
PID 4588 wrote to memory of 3752	4588	msedge.exe	84
PID 4588 wrote to memory of 3752	4588	msedge.exe	84
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85
PID 4588 wrote to memory of 2320	4588	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09184fe22d3b8e62de281ea4d3fdff28_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff381446f8,0x7fff38144708,0x7fff38144718
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,156660293671918667,16820915376180588940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d984d3b884823dd18fcba4869943e229

SHA1
95f1c5c2dec578047e3afc1172c56cd6bdc02284

SHA256
e5ed540a7e91c2131f90df5f53a67aff9715b2240945bc3eb86d04d9e98e509c

SHA512
2429c7255e2f5343af24dc50909c9f0bd2f517aa689dd2bbc6cd5bd12069fc35a544f84a5070f5feecad3e9b583e67801c65c96752058f5466c8d9dbdb84db6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2396feb7fcdb4257b84555fcd5335eb4

SHA1
73f147888de9337fccaf3e29f0da866771686d70

SHA256
fb662f867439178e41b6fddb9a861554c42252da55188b80a5200f739f691268

SHA512
f383ebc54ce98ee708f1c734c27ffc9176f23f4a528abe8019e4cc396ede9a09713c1a271a9b47522953e4e7a68021b575d29639b37da749b980542958416582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0437c14552330c370cc7d22af9836af8

SHA1
3d979bb4f03f9781ef89c998c4bcb1ab47756d8f

SHA256
2efd0d2d47c751154420cde9303e14167118864a067a7c5e3ed3d2e065af92eb

SHA512
f153f1f36957847837f3bd7f571c2e89843e92a9f7f0e0795026e76bf57e7ea7a0ab255a99c32fde7beb2cb8ab6715885dbdecc77bcfae8fee312f0cdb18c720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
712e0e46caefa4d98ac9c7a6c94dabbe

SHA1
a79ed01791f5edf1de2e9e898f8dbd17733796fe

SHA256
932d5604eaa2358f1ba6f3ca7fd10c7cc1c81f7cea9300e191f8f54321c2a14d

SHA512
00e04b6db9fb1d8a5e2779b5113bf9664e1ad043892c2375d553f97c6e63c02a4118e8b411a5f086fd7ea810f995e6367e5514ee20bc9d58da733e475a3cf73e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2b8fcfd21a2ece3d672665bd17bcabd

SHA1
ce29035635e50e1b01e8e937a42154b8d6e3cb92

SHA256
1bbe2b6fd281f7d618fc973676deaf151a8f49fcff1a425fc22c4919e95b22ae

SHA512
56a6dd2327b7f33dc96f89a75d538b71fe023b2cea8393f942bc0bb18cbcc1e05bf6f49bfd51db9d3a39f5f73935e487c91065c779bd5724d5dd282a9a39aca2

Download Submit