78b93fe53cc10469de51434ada3da0c1fd757849525b52d0c8484bf3122e23ed

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d5b60e54cb87ce69a3181feb713afd6_JaffaCakes118.html
Size

136KB
MD5

2d5b60e54cb87ce69a3181feb713afd6
SHA1

094ae504175b4370a68bb605fbef2edecac935f8
SHA256

78b93fe53cc10469de51434ada3da0c1fd757849525b52d0c8484bf3122e23ed
SHA512

cb3997975f7379dba6f8d1e8c06f7310c8ea5f9d53f97efcbcf783fa573cc288b56d458fe7045663ef40eff20d6d74ea3dd67f170095b35681b6511b2149cb5f
SSDEEP

3072:OvenrLEQiXCQTHzutIbbciuKA+ktFvqYFn5DqGuI8CO3Fr2s0dSoKieW3F0GbWfM:OvencTHzutIbbcGfk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
828	msedge.exe
828	msedge.exe
4692	identity_helper.exe
4692	identity_helper.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 940	828	msedge.exe	83
PID 828 wrote to memory of 940	828	msedge.exe	83
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 5012	828	msedge.exe	84
PID 828 wrote to memory of 1328	828	msedge.exe	85
PID 828 wrote to memory of 1328	828	msedge.exe	85
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86
PID 828 wrote to memory of 4580	828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d5b60e54cb87ce69a3181feb713afd6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff869e46f8,0x7fff869e4708,0x7fff869e4718
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10803917117814831612,57167034506488747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
622B

MD5
643c867cb8e55873a0d2a45d3ef7c75e

SHA1
77d0680dfd4443da653f43eef9dd724537cd8cdd

SHA256
db0e9ba82344bae31c41d04e6aafd36e11fc3ce1d2b90d1ad261329d59cde88c

SHA512
88428da80d5444bc00852b90b878ead4b4478219881b9e3fa156332e212a0ea7331a7b4e3502b8d5d05f56b23189d3d435ed08b0060f7a2daeb747fc80a0b99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7bb4a79c1f4d39dd23bd91af264f9f8d

SHA1
c4f44a34e29d714e1ef816e70c669783daefb6b0

SHA256
1007c306eb1a5d6f256e7567ec22ca320056eba2756f24ecae3e2628dd3a3fa3

SHA512
abd9bc07a72857b6bde7b35406af0fbeb873542df0cc5baf8e3bf43069e224b4b2b3217c5dee271f3c7aa84768753ac32cdafb6535d6a6f65fc103379d0a575b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5aee1c987bf37de1a3d1538ce0b17d1

SHA1
3d1eee089732df1a0c22343ad13eb308ba7b8a38

SHA256
891c64230d8fd3b2f9076a7c262518b82d325967463a869523ddee564067c8aa

SHA512
7e48fbf27e161c029616e65a5e957d14dca6f1f754047a085111f67faa6d4b8a327b4249b2de7a04d0ed85bcd8d3946b50f803d49ab2418d2e0904bcc7ddd63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
3807c37fd34b88743e1b41d814a68f2c

SHA1
d7912f3cfcee318381aed2ff1355a70103721386

SHA256
5c3f55564069bf5ce9f60f13bb0decfad0bcb9de84911c47b92cde223354d738

SHA512
86a9ad2da9f65d81deb2c5f46e2630225f331a835b758751aaba5c55d96da666642c125dc3e5e9e7b46d83cacd752a5b8422af1dbdb5cb9fe9c8ea04ae469ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58819f.TMP

Filesize
372B

MD5
f64763d77594f147bad9b8c0d7031679

SHA1
0e1ecca64344c6702417b3e6925962ff971cf0e0

SHA256
76bdcb9b9c56feebe6b55e283cc3a35847a65bb78ad530d5356ea907aa6ee0c2

SHA512
9e864dcfc5dd30fa2af60fecd4977410ac1c120b94079dc5224af62ec39dbfa50d7939f3cb4b2ea120fb967bcbf97bf5e783298ec543bbe010b6667173deed3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e1e854713b6536825b451b4b1887b5b

SHA1
075647d27b91be990466ad5ffc4964b89f5bfd93

SHA256
dd67bbea95760e319b947d68febf60eec183712b192a78e708770b22c397864a

SHA512
aaaccaf34d35dd5b92f24d745ee318e014dc70b9a7bbe70e82bc123cc2122e3875a0a9cc24c7a69408449238f1d90a7a0e9049bd1766d6c5b5d5f8ecbdef8283

Download Submit