f94efa5a4572e09ebe472dc92a8f4554a22031c60d3db2af44a8b5cc68cbf034

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e5f185e367e1480e28e47d110dfab1a_JaffaCakes118.html
Size

35KB
MD5

0e5f185e367e1480e28e47d110dfab1a
SHA1

501d4083b2ccaeec12aaed17bc9e7ec537cf263d
SHA256

f94efa5a4572e09ebe472dc92a8f4554a22031c60d3db2af44a8b5cc68cbf034
SHA512

46454fd85eed06b7da687b03c4963235f750d48b19491f944a0a9cc9cc6396fa54bd353fa34905657f942694886420be8989d28b338000f07bf22b33b578771e
SSDEEP

768:zwx/MDTHpx88hARWZPXhE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TL7P6SW66JDSD8u:Q/nbJxNV0ulS+/I8NK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
664	msedge.exe
664	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 3724	664	msedge.exe	82
PID 664 wrote to memory of 3724	664	msedge.exe	82
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 4620	664	msedge.exe	83
PID 664 wrote to memory of 844	664	msedge.exe	84
PID 664 wrote to memory of 844	664	msedge.exe	84
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85
PID 664 wrote to memory of 4832	664	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0e5f185e367e1480e28e47d110dfab1a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff79846f8,0x7ffff7984708,0x7ffff7984718
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4011850501665693236,17312311521465354234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
5bdfc583c670f967f61017ebb53843e3

SHA1
ea24daeb55ed918ab68c852c9c13e3c787e8546f

SHA256
026fc2f758c21f978753f19f943073c3b50add48bb82fed74f1f3caf2d6c945e

SHA512
033c8052d4450efcfea062d5ce7a4e215e365e7e8cacb7f7b859b52f6c3704d9ae24d2ae53dcdb88817d688af726462be130aedd9975c9ca8510026b42835cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70ccb872de000b5a4fc2384ba1f7588e

SHA1
be77efef9d25ef8b3f2b50af0fa9de212fa1dbef

SHA256
1c1acf76a7f16023078e163384ce57860ec9c1bf9302437deb97dc992dbd934b

SHA512
bc896d0ad5728bb6c377e04f21a44a09a7df31fb81bd4bdb67cdc8423d9cc0ae8558a58ad6d0e52c77905f2e5a11172cb3f5d27c83484e0aa5470576024080ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d42da886a98b57596394c57ae4156766

SHA1
ffcdf2e923d0cf7a383782eb14ebff734ed6fad4

SHA256
d44836436972744ee30ba1ee2611b943d7a0f88438fb1d79a8d41c64564e5b8d

SHA512
e19030bdcf68612d5e64eff868d96e0395a36fd212fbbd43371803a7861a00231ab2006687da955ad0faeaeaec4b4dc85fd20d9f31f782f77008f9b3692b1408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b65802905bf23f6b3d350e81d5ec8231

SHA1
e45b686bb7ff595c252cb63def40081f7f856927

SHA256
3cdec0f6e3ab26f2a472610d2bc30e6125d62c23c79f6ecd37907b85015b8560

SHA512
94eb9976e9f9ba0be8be0e6b3141ad01ae571b81453ad2ce2cbe01df3e0b2fadd78890fd9f0490b6e179bd8965454cdf4daab49b85a54c1486aba4d23c06fd26

Download Submit