1ca8a4200db52da6a335d003d6d5a2f778d1da31616ab969c0163a7196446df5

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

284cea8217080fadde388aa73bd7de0f_JaffaCakes118.html
Size

16KB
MD5

284cea8217080fadde388aa73bd7de0f
SHA1

190d0493d6e47382867a7e1c305bb114ebc38654
SHA256

1ca8a4200db52da6a335d003d6d5a2f778d1da31616ab969c0163a7196446df5
SHA512

1facc46fdb7328065b4a09b86ac4bb55b80615ae7b5872cc93d64e1684ddcc5702e1ccb96ad18ef0b68508f290828f4d6bf08a33780202008b62ca95aab5a3af
SSDEEP

384:GsgvuEs/L5O2OvP2TuPXzMJz5gQZ69yD73eDcqK9XE3fVPpKso75KJQZzuVyoy:ZgvuEs/L5O2OvP2TuPXzMJz5gQZAIeD0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
644	msedge.exe
644	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe
644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 2116	644	msedge.exe	83
PID 644 wrote to memory of 2116	644	msedge.exe	83
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 232	644	msedge.exe	84
PID 644 wrote to memory of 2144	644	msedge.exe	85
PID 644 wrote to memory of 2144	644	msedge.exe	85
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86
PID 644 wrote to memory of 372	644	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\284cea8217080fadde388aa73bd7de0f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff276546f8,0x7fff27654708,0x7fff27654718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8512883841723204552,8530489402413545107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7225c2c3-52ea-4daa-95fa-a1c0bee53d5a.tmp

Filesize
6KB

MD5
b851ab737aaa9a7fb68d87ccc65672e8

SHA1
b72aa7f3761a7efd8b9e51bf2237a582968c89d4

SHA256
48e5d95ee949e9c00536f93461716412f0dcd148d2e255dcfc43ee9aaa2f151a

SHA512
f924fad6c6d2a108b33e42258792191d421126018a5e87cb43887e78dfbf67cdb66250123d7e69d07093942a5c5a483c53e63f33a6512ed8d0c51ec208b5611f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2010961f690b4f497eff900a48c802b7

SHA1
b9bba71b0e6fdd209cf219e1a6189d0a9f8c7ad0

SHA256
5f1b919a0af9ce6db4158a430634b1d6460f88d847cd97bedd57036a05d902e8

SHA512
70fd282270a0b63a205a808bbea624d9e6656d59a013491ec15216a875a76f7f77a70ba98b8a55b70c244bb433af7c88d7fca3e20778bfe5a7bb356ef2270cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
632cd4bc6fe9ebf5812455cf27f9f62e

SHA1
86923bd0081552f1258828829eb2a976b0174949

SHA256
e4ba0be15891d8af4988e3175c5ecab0d5d479f4d71c87730e236e5ecc3a116a

SHA512
e3ca67e22ab1142abeb0c4812e91969c8d013ce1ee6d2a4ffafe407cd0e6a35aac8f3dc72ed2cd2ab8b4545fc3a76f74c36a90e9d8ba52f978e6f84c430193c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
7e8402512434bf911691267746f6c6d4

SHA1
d73db6eb2ed45f71c087783025f09bcc1fd6daa7

SHA256
363ddfdaba46d1ef264102e3d8d53d40c060f9d2c9ba629a6ba1a00face9e9c6

SHA512
1f8ba1d323048507fe55589e5bbaa466967c6ec81d9074ab57df7a9e8d5f16a7b3e9f63385923275e61920489d52558156cbe041f30b28305f2a7dbd8cdac7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58216e.TMP

Filesize
704B

MD5
4b2631015ad2957f0e9d0a19a7590c7f

SHA1
069f7102ecd9caf0c2f606ec375a941462b641a2

SHA256
412566579ebe0e58d731ce1e082da2c196191473e9b1130e9336d69628e7a773

SHA512
9c4f1ac580726558438c07b03043753f2764c69d4e5dd2de25cd841e22f10fcce50b478b8ef3acffe40a6d16a674d041a092325524a0ab324d389ac0806378cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dfc5464382b79faadc2f2ce39f46a16e

SHA1
d8b89b1bd21db25a9e6f68e27a7c64edb2841657

SHA256
50fb4d43484d11adff6067a4398d124e432e473a8dabeaf7e7b7b26a99b9fda5

SHA512
21d98fc610f756224f939fbb1178656837cdfd4dbf1cabd48265f63185b4a76abf818dc1fea8d83031a371c7994ec62a04d8e32cc5f45eca3cf8c8f89b05feb6

Download Submit