7b6dba3c530ae966f76946fc21d4baa8351b939c96c9d24b228c4157d121fdf2

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f0ff7a52783be31ba68fbf3e787eedb_JaffaCakes118.html
Size

22KB
MD5

0f0ff7a52783be31ba68fbf3e787eedb
SHA1

b23403b9e5237c43d5510b2aa09d813f2558b637
SHA256

7b6dba3c530ae966f76946fc21d4baa8351b939c96c9d24b228c4157d121fdf2
SHA512

7ed8e5f70e0e65afcf560faa823bcd4af4131274a5610b933d18f0116426ee97ab4940976f040e686f7c68ae00fbf9440f5679d4464761bc7e0b01270004fca2
SSDEEP

384:JiFi8sXSewEu4Wu7mONUyerZOir/yhIz2M/PcDwAs0/ez6y+/tMVJYHAQbIT+ZSY:JiFi8wSewEr7mONUyerZOir/yhe02r+b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
3140	msedge.exe
3140	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 4712	3140	msedge.exe	83
PID 3140 wrote to memory of 4712	3140	msedge.exe	83
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 1088	3140	msedge.exe	84
PID 3140 wrote to memory of 3328	3140	msedge.exe	85
PID 3140 wrote to memory of 3328	3140	msedge.exe	85
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86
PID 3140 wrote to memory of 880	3140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0f0ff7a52783be31ba68fbf3e787eedb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b22a46f8,0x7ff8b22a4708,0x7ff8b22a4718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16146276129705093841,16185151753932640229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f1b98c2-2fce-408b-b657-08cf1750a369.tmp

Filesize
181B

MD5
211f9aee222dec2ff8a27c0079e169b3

SHA1
c9deb2de0d9c7c093717c1f88df18ce1de6a0f4e

SHA256
d66e82e4fe2207be1548d841a6d578ee32cb22d52f7ca4beb3cd99c0c4131e9e

SHA512
891db475814119159ae11f4ab9e93d31b954b11810a9c813d74a82334be12f91452deefcf034f2594d395617e10e6ad72790f29d3ec68100525b256a723e6d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88eeb87bfe2c79a3101b2016eaa3cf67

SHA1
41e338f96cce9dd5f30e7f8139fdb96fbff11b05

SHA256
7a7d546514ba783c89a4ae096f647442b940b6d0dc540c599b52c25b14369c55

SHA512
e3140605b61c6f1b1cc2243e0237e4fb15d099f516491ca71622af098799745067907c75080cb4672d255b4943a631b0308b02445395b4c93f751a62de8e0461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3353e1047cb18423a999579704c64588

SHA1
7c495ac08e89ecd0919b7e304e68b2878e904ba3

SHA256
74d434e35ce930b63113d0d8233e0df58efe6ff5359df393862cbff58d40dfe1

SHA512
49eb6c9c37d8f0e9b619715c516df9041dba3b24d0963ede1baac206fda10958f9f977f8f94d5529db116e1256d1a14262af774f0c2034e274b1f2dffba9bf42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e30674bb1ca5d41bc7c79e5506fdd80c

SHA1
f1c4bf5eb788e457beb1397e58b6a68766db27fd

SHA256
573c662cefaa9660183987254c43c1829b944ef224b89af89670e89f7d96d2f1

SHA512
d465ddd01eeeb097e23915a8488be1ed91289e1436ce1931876c27ee8b231d92048c97a64024984eee3cb2d6d8bbfd6d2b975bae03318fb1a8167af7c0342467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
15e8f9c0c4861a79d4151fa18a455637

SHA1
e715b2b1f6dc6a8ca615710bb2539c0451999dee

SHA256
5a57e25b672daab2ff8bb70eb392561f5fae18e5bd9539a67aed354d4fc422bb

SHA512
9bd8b196aeca3f1505aec7659575772a8688a801d214c465c324036a22182246cd9e6cbe0c8a7ec49a0ec36d4134eb2f5d988574dc117d5b3c2b828280348f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58195f.TMP

Filesize
204B

MD5
f1f4bf0dfa96c07980d7cc429a1f6a03

SHA1
25eb41a173da635b79080721bab218b0f91c6b39

SHA256
6253c24d4bd289071688ada2a9cbb84d988024d02f307dbdec43ecc46951855f

SHA512
ae9b1014ffd72f672f45eecdf893dc897398fb19179b62706f6685ea890039909772c9d4b02a508fcf56f6bd774cc2c84f1a9a7d7d88cfb898d03b1a06a3129e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a81022293ddc040b584d637f67e58e2

SHA1
76e93676c5a51671b49d3ee05a84cde1556f2fdd

SHA256
116c790bacf9dca1c1f5e8d5ccd482d2b8e6c9bb72b911361f17761337309ef1

SHA512
afef0bd761013d0e444dfc92ffd789dc5a011ee38975048638d9a9a23a30d61bd830c61b80636c3d7c5a68ad3f7abb5ea9750e2dd84b231c44af1773c93cbe2d

Download Submit