b01c31194d9f097e8e54998bd9f10d0f60ad1780b56cf42566b1ca6ac4729793

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

098576db5f64359e8a7475cecd4a683c_JaffaCakes118.html
Size

7KB
MD5

098576db5f64359e8a7475cecd4a683c
SHA1

7494aaf1eddea1fbc21aefe81035080efad5bc2a
SHA256

b01c31194d9f097e8e54998bd9f10d0f60ad1780b56cf42566b1ca6ac4729793
SHA512

42afb8ef6aba2ae566a1070440f5ce8a7c2434aab5dabf16b788c2f86c3582e6b9df221fefa09dd87d80fc633a08a3c5bcbc4b97bfe4581760dddf5100fb56b6
SSDEEP

96:uzVs+ux7QxLLY1k9o84d12ef7CSTUezfCwdxCDdCCpdACcdScEZ7ru7f:csz7QxAYS/qOQZ/jZaSb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
636	msedge.exe
636	msedge.exe
584	identity_helper.exe
584	identity_helper.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 1920	636	msedge.exe	86
PID 636 wrote to memory of 1920	636	msedge.exe	86
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 1036	636	msedge.exe	87
PID 636 wrote to memory of 3196	636	msedge.exe	88
PID 636 wrote to memory of 3196	636	msedge.exe	88
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89
PID 636 wrote to memory of 772	636	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\098576db5f64359e8a7475cecd4a683c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90be046f8,0x7ff90be04708,0x7ff90be04718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,8942561385573182841,17483760479118632447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db1ed3bbcaa8e96c29a0b57e72bf0319

SHA1
9bc11860837a2bcdd048613ba8dd76d6d77d32d9

SHA256
7c7db5dde536599fd7ffd4dee8e03ca0f6680e662022869057b09a4635b9b87c

SHA512
eb7375877e9b51ebcf8cfc62cf822fdce3fdce837fbbd00d4d54c52c4f67bd82408e4809e1c92f32e9f3edc9e6726910f752fbeaf14704745688b0239405e6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4b5eaf7edd9d5391ddfdb694e0cd888

SHA1
d1f92fbd238c4d5fb6861a83153893568d514586

SHA256
1d5fc1e6da67b60df30ee83dd11359ec3dbe0c4bdddff2f2f862fa9c4619d903

SHA512
1b62d5740572b1c17dadcb83d9e0017d6a8ff94cc64bc024cc47fa92a8180f7c2d18bef79ddf5cac8a9a97ecefd8461b06665e522acb0c5857dac1a2838fc048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4859658fafbf203ece3f7f2c9887c9d4

SHA1
3e0a85ee0c5c7497b3248b205e4c1d50b9c57b5a

SHA256
7dc3e6b0f6df006fc5849c4b316e92357a46678047ffeb624ccf8c435c0b5585

SHA512
e0838a1d561c58e0fc9393503d495c1fb3b4246a173435ad82d4530e69e3273589f6a7a0d23f29b00e89a3161787729b6e12c12040e6ff94f6b30f6c46445e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36ee831f6f872a12476e8b873c550fee

SHA1
171fc51c61eca13cc8dceb99e7ee7cd57f0102f3

SHA256
067fa7b973e108a8cbf514ef5e4aa0092b9e92259c0c859bcfb0a9746b98e9f9

SHA512
07fb42ede88fd374a06a8d9eb8ac853244298fac86fded4412f38d7aa3e7898fc56faccb9235ddc04c52d306f6d8e63d51c27bc4ea7a5d49c39530095fac1575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
941ea4c983b3cf877ce6e1aab38f2794

SHA1
c4fcce581d0660a0c96d0579aedb528a8168233c

SHA256
3d4479f291d239eec609801437c1962e41e19c53a3eadd2f95342167fa7ad342

SHA512
f47836cc619ea50f24d3804a697bb562781e812a65285959d7dbce53db8945cbbab2f9b8290ba2bd9925f620858918ddc676c082cdadae8444a9751d642a381b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
976d20d25a886169e78ebb37367dbf0b

SHA1
d06be869c5eb0c64a2c8d3c9bc680b03f394d66a

SHA256
23ac6d33b2a7ea575e5beea09062cc068cbdfafae4d690ed91b7c2b66902f87d

SHA512
b44e1bd0d1b87854f7b838b4bfd9094515b88ef3298108c85bd966a890209ff318fe63a53afb3b3b062aae7ec9dd8ea8e939198df41a6844a4c668d752d13b48

Download Submit