75e2483b0713a240a21fc17de9fc72fbfe77ebc3f910a267d98117e33106c766

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
Size

53KB
MD5

0ef60192eda2fbb6b2378eb9cd5948ec
SHA1

d1f2582d6f47ca5cc30871f37084fd3f867de343
SHA256

75e2483b0713a240a21fc17de9fc72fbfe77ebc3f910a267d98117e33106c766
SHA512

e527a96cf385da448bd6fb3e624c47ba7b701ab380ab5c5ca26b4cafb0be8f4deb461eee1544c05f7759af584700279beabd41af79d045a977c5e7efe51e0439
SSDEEP

1536:CkgUiIakTqGivi+PyUXrunlYo63Nj+q5VyvR0w2AzTICbbuoZ/t9M/dNwIUTDmDE:CkgUiIakTqGivi+PyUXrunlYo63Nj+q6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
1248	msedge.exe
1248	msedge.exe
3888	identity_helper.exe
3888	identity_helper.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2324	1248	msedge.exe	82
PID 1248 wrote to memory of 2324	1248	msedge.exe	82
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4816	1248	msedge.exe	83
PID 1248 wrote to memory of 4412	1248	msedge.exe	84
PID 1248 wrote to memory of 4412	1248	msedge.exe	84
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85
PID 1248 wrote to memory of 636	1248	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0ef60192eda2fbb6b2378eb9cd5948ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ab746f8,0x7fff9ab74708,0x7fff9ab74718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14278653170447527823,13808352124277359783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b1f41741c607a9d6bc7ef29657e91ee

SHA1
8d5f1ab7911de37e74f40d54b7969afa131208bf

SHA256
1aae53e3b58094b515d014dd02e2a44321383a8238b1e294bb0f968fbd3dc3b7

SHA512
000693e2a1ba7bc165623400dbbdaf5cf07d776cfdde8ba86acc0a01daf031fc4289f707cc65b828bf46a30a0eedb2ca66cbe32ac240fe296d7153b1a4649da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f5d53c6304e44cf50639af17924c5a4

SHA1
01f19e2cfd6e6efb5235d322e6918ef981b03605

SHA256
af31014bf55f74e84859d7965064c3edeee663bf69a77cb3c4d8de9dd010b090

SHA512
31579b5fa58806ff37ecc50171dcb2a14045c38774a1493678429e6b9fecd996e155f75d3366080163df54747d663ec78ff69eee7977b6c2a0010bf522593ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97c91ef12fe572738c57ebc5097ccf89

SHA1
8a0ec9839349ebf7dc49750fef7304e21486a030

SHA256
49507cd1385b8a3c20b6e78e5ab6c8ba5816a584d90418d2d63f5744e9fda28e

SHA512
59299f38b367e19e04c7eb203e5d8fbc135a67a21cd13324822d76ab7d303add0f255c9a48ce5ac646d40bf4ec7d9bcc78ada5a9ece5b54f2ff499b48bcafb4e

Download Submit