a214815351f4a9786c6739578f46f759984f5052b652464a1dd36286a799e598

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c0d646b6630172b545f102edfdba35a_JaffaCakes118.html
Size

24KB
MD5

2c0d646b6630172b545f102edfdba35a
SHA1

f97d47b01976996d81e913080790ff9cff2596f8
SHA256

a214815351f4a9786c6739578f46f759984f5052b652464a1dd36286a799e598
SHA512

13267a0341820c3c550ad868d7ae04dd9ea36d25bbfd92b0c571a0f0dcd928085298fe8fec8c68c3d0bf6c0d60404d3426da8180958c623cbdd420d196463050
SSDEEP

384:wKTj3pA9w5F9IE5EeKZeEd+j+ECORtEKE3OlxVH6hzM0NOfcrafOhnWBCghd+wRn:wKTjiOftK9FeqbDo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
5032	msedge.exe
5032	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 4200	5032	msedge.exe	83
PID 5032 wrote to memory of 4200	5032	msedge.exe	83
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 4460	5032	msedge.exe	85
PID 5032 wrote to memory of 244	5032	msedge.exe	86
PID 5032 wrote to memory of 244	5032	msedge.exe	86
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87
PID 5032 wrote to memory of 2824	5032	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c0d646b6630172b545f102edfdba35a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9116c46f8,0x7ff9116c4708,0x7ff9116c4718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,5309572290410391154,13896793246103772642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
903c7e257a3b6a830d71308bf021992b

SHA1
b403ff42266175653c1e835b5b961fa2c3d0f01e

SHA256
741f0ae68cdb791b7d740a15556100e75604d6aa7ff75ec27d9c207dc38c62af

SHA512
74d2b47e9c53c87b28d400ca9e64f922ffd4ed3d02532fe6e3eca2baa8a48354ab19fd353c6389a6a89c81b607e6f5e3a997da92caf5b2f7d596da508566c1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89cf69e4a62f567da826dd2fa6ca5b51

SHA1
12b85ad1e5b5922b8371147b0e1133d77faa0b36

SHA256
a26ce6e301d4e7c31f3b226b3801a07295570bd07ee76ce7b31854d214b2436a

SHA512
8110f9b6bdeaf07b47fa79802738dbb9931fc42990d6bc38b1b4960675507973fda711107efa6fe23e2984b4d7219bba9a0c153b1fc335045002102cc7889c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bfdc54e24b031a4cc01e08ed14d168c

SHA1
028e2a8c3f3e76009329addf5f98f0fa8f14521f

SHA256
4f2b0c6f8b9b7b5f61360b877a5a0600686113ad8755efd5789eaf769600790c

SHA512
d7d63825beaef8aed71b7ecbee861ee9f09cb56c01c317f063823bc47c949d7c2cacfd59438e2c90bbb84d60c0857df70b3c1bce5b56495e581152e950549cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e559174ffb7f7d1ff5019a2c543043e4

SHA1
43eb0c03e190493ea1611d2802610905ed189c13

SHA256
aaaa8ba66442be3d0edd595a033b4c6e6e56e89c3892ade9d3f97f45eab50c1e

SHA512
cb46f2af5878dd2e924a47b935bd2a4fdaa0682c03d66ab0c368670e33a370c16fa65bdc122567fd158cf41fd59138fc8a2ce847cfeed307b1ba8c122fcaba41

Download Submit