1e59b80dd1649be9b21107341ac6a10e9d265a6cde4540d14008b4ff0dadbbd3

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b30d8c693a5d48740dfcd74e0ab1033_JaffaCakes118.html
Size

383KB
MD5

2b30d8c693a5d48740dfcd74e0ab1033
SHA1

d8fcdc485557321fd2100071b2ace7c2dd9893f9
SHA256

1e59b80dd1649be9b21107341ac6a10e9d265a6cde4540d14008b4ff0dadbbd3
SHA512

19e3fd67a0d8961c060cd62355eaadb98939a1293b454db00ad1a949dc5ad2b352d0f372a2cc40a72185aac7bea2ee85258a60cbb496f3ed04b1d863111f47d3
SSDEEP

6144:rPl+Jo0TKzVNoYo4HiHGn2nEXL+sHU0KwlouPZPIFI16nWMPh1zOGWYI1yz8+5j3:r9mxKB6Ybimn2nEbpbPIFI16nWwOXrwf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
1156	msedge.exe
1156	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 3108	1156	msedge.exe	83
PID 1156 wrote to memory of 3108	1156	msedge.exe	83
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 4396	1156	msedge.exe	84
PID 1156 wrote to memory of 3496	1156	msedge.exe	85
PID 1156 wrote to memory of 3496	1156	msedge.exe	85
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86
PID 1156 wrote to memory of 4592	1156	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2b30d8c693a5d48740dfcd74e0ab1033_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3e7f46f8,0x7ffd3e7f4708,0x7ffd3e7f4718
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13178296820352564138,7447200429972438067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:60

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
4772e6dd4afc4ea6db0c5c5aa90a7027

SHA1
8f8ddd2328ce530c972217b5b84ad88ba913152a

SHA256
ba77cad52b65e5652380dfa9bd94f1c8f637ef68b0a222d7d16de9f550cb4557

SHA512
bf28b2f30502e571cf74731a6d340af06463319f83cf2f963fab72fa37111df81e0a20b9674a79740e7e69771041af958551fa5947d50bce50a5297ff2fab19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3cc97dfd963ca7695a1f757ab68b8d6

SHA1
9df338e7d60ae505cca3829c861023f2fa9ea0a9

SHA256
2d624419f4abe7319ed6bc8018cf614ab0eebb94f16debe7fda060a6f2a40620

SHA512
cd6d11d3d5ad01e6bae3e3455d0e5914d364b75c67499d57dadff0c86b28a32676096bf287d2d22cb969462196ac3c43ba8959e1caed8a4576622bf54bd7369c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
828e9d7ac5ab9379b1ede236aebcecd8

SHA1
bb88991ed19f04d4d3961fe5aada9d58f588f873

SHA256
2ef0a8b7a25b1747da807760b6f332ab257eea4c8380627623f49efffefd73af

SHA512
150b1178f9a28efdc893709adaadaca9cfe143362d19eeb12eeb1fe2a6cb8ab518b3220a529fe07167ae1949b51ebbd81d8b78bda43f4b53f92d1a1f6c8af6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6da1f93ccab204a2de2025c28dc9f39d

SHA1
87b43d1ea6f33196b3ecf2eeedd0e6235cb59163

SHA256
ab8a5a876b9983e06112dbb9dd0d53c325b47f9274117ade3f4bedad23b6606b

SHA512
aa05e644812b26f9a2916d19c33595beec46355d2669aa7e10532eda71aaebef1454860b5bd0936bd05d265d371b9fc5fa9dfe4b4be19436f3b11e69f4a958a2

Download Submit