6c826836b15d2ea9695328169d8d86f63e9468574b8177419a3678d89dec9b20

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
Size

6KB
MD5

0d2324c61f5e8dc3095ecd78465c613c
SHA1

3e6541350c051a012ec4323a19a81ef12cdfda84
SHA256

6c826836b15d2ea9695328169d8d86f63e9468574b8177419a3678d89dec9b20
SHA512

04fb10ef2cd7e685680d39ddf65f55d89b44208025a4d8dc317a18c38f5aa2606d1315e9274ead2c311b1d8d3306ff47c6258168ba7491a2600e679db7a3b3c0
SSDEEP

96:uzVs+ux7+CLLY1k9o84d12ef7CSTUEEtyIBojcEZ7ru7f:csz7+CAYS/a0b76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
1936	msedge.exe
1936	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3716	1936	msedge.exe	84
PID 1936 wrote to memory of 3716	1936	msedge.exe	84
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 4764	1936	msedge.exe	85
PID 1936 wrote to memory of 432	1936	msedge.exe	86
PID 1936 wrote to memory of 432	1936	msedge.exe	86
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87
PID 1936 wrote to memory of 2412	1936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d2324c61f5e8dc3095ecd78465c613c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c2a946f8,0x7ff8c2a94708,0x7ff8c2a94718
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17174985961063566651,11364899912135423480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
593B

MD5
7c1b67d10e98d93db6d75096ba37fbb1

SHA1
e5eefe9baae79b17177a696fe0b6993f055cbe78

SHA256
a70ff65a5f625714d2a693ecbbf652194810124e094bda6125414c9651792af7

SHA512
c4421f9f78aaace1ee9d65dfea8ae5eaa4bbdc329cca24eeace4d44050d10f69bd1b1b90ae2715df43f4f1c744b2c81e406477643383d887ac66e53554e03471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
174b501828139c3a80917361724fc38a

SHA1
b73029b17df42502d6d8544453bd8cec5f3c4a35

SHA256
7c160e36d1c8ff56815e20152b251fb050e655c950da36567f755d379be4f383

SHA512
9221a9b0b838681aff1345bf45ad85b15e7b1274f20b8631993d1551a7e7cf7e10ec5d93990293d39f44b10d6824b00ddffa1108458b7d371649b8236d2fecec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9096b73df4c5adba3eec0cdc785ca094

SHA1
cb0a5ee4f3150c2e0a8f3e9b59dd1fd6c9791861

SHA256
88b53fc58ff8dbd5f26c80469a6a9517aa75f085111e1328ad89549a692a0a48

SHA512
3f123f7aca43936c0b233a29d0a8442bde599ec8b47daba03a8b718eaacf8dbb315fe81e1d931eb47d82c29057ef275c477c9ebdd3e4b908333eda4fc48d348e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5356c3b8ecc22d74d6494bb2e85a3aa7

SHA1
09c177006ead1080cb6320259f083ec88bba097b

SHA256
5e29f949c821282998c2f9b11c0aac6953c0b6ca7dea1621dd216a26669cdc74

SHA512
aa9fa7c0571a987089fab4a1ef1a4716361bdfdb719181467fe6483e217565e6af2f62a0d4a69a1d0606833fd9b54b223ac3dc5d5662cd8ee91f99f89e7b5ff6

Download Submit