65d1dac3372020b58c9238c57c6e0be407cc09bde416192d007353973a5f24eb

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a441d549aabc204b702722354c4d9ff_JaffaCakes118.html
Size

9KB
MD5

2a441d549aabc204b702722354c4d9ff
SHA1

c13092b769fdb824779568492e3837e8642b5616
SHA256

65d1dac3372020b58c9238c57c6e0be407cc09bde416192d007353973a5f24eb
SHA512

04496cc2ea325d706f9d6b7505abb8acd0b218e173e71a402a7abd066dde2f068a7e58b48325d3ee05f7738d945b7660fdca79ca54f4e953270a9a655d94ba77
SSDEEP

96:uzVs+ux7IdLLY1k9o84d12ef7CSTUxGT/kPsofpUlVHcEZ7ru7f:csz7IdAYS/AfxUPHb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3796	msedge.exe
3796	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 1900	3796	msedge.exe	83
PID 3796 wrote to memory of 1900	3796	msedge.exe	83
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3200	3796	msedge.exe	85
PID 3796 wrote to memory of 3304	3796	msedge.exe	86
PID 3796 wrote to memory of 3304	3796	msedge.exe	86
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87
PID 3796 wrote to memory of 1620	3796	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2a441d549aabc204b702722354c4d9ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14289998778712532771,4254881903895703912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90d52c8835ddc7bd0e54639f2e4d70a3

SHA1
bef538561f72fd41be3e7c9fca9f773b629fc832

SHA256
c8e0f641ae77e5e92d2de2d3b074a011462155ff19962f5ac0fb7a79f5e82d88

SHA512
863c754593a889316659ca2e85692f8cdff712258e9e43df64a4980eadb85c478cdd007749c508b86bf52449fcef4262aec34db092cf3cd53aa7889613131274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51fb8c86d885ef4f584ecc11112628bd

SHA1
eba37cc704662f7cbaeda30734d2bf998ee6f2f8

SHA256
07d8f4b127c110d0deae87025d7847d94659aed5cd7d7a8a425a425a5dff4144

SHA512
c28ed02e484cc3917e411929a3c771294327ead9953e7b20bdb6e48837608e403e2af0c439667d4405a76bb8dfa765ba5645d615a9f1364e8cc1f3d481e8b0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93eeac5f7dafb34bd132a6d5fcbe8ddd

SHA1
0ea4582360657c0133b6f66a4c05c39f80f698f4

SHA256
6ad1f40c84886fae7419a123b1e6007ebc301ec2109883401e7291dd7e5e086b

SHA512
51db2373def1877ded64b7eb32e2224f8d8277a5d4b75ae14c9f0b68ee4178b709a44e14f0435cda325ba0fc012c47afb78b6d39fba1dfa266b8e706505f867a

Download Submit