1ad8828825cbb0b7e1c4cc4df6d33a9c7cafbed463340b0ffc127532c636249b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

308206c1e79e95e2070207b4a3e478c0_JaffaCakes118.html
Size

47KB
MD5

308206c1e79e95e2070207b4a3e478c0
SHA1

5934d2ade9666ff53d31a1c806b402fc2806e0ee
SHA256

1ad8828825cbb0b7e1c4cc4df6d33a9c7cafbed463340b0ffc127532c636249b
SHA512

03b94be2112cb0c804a6b94adc77686ee085cc4b1cf7a03a0d029dbf3167b98518b4ee853655543c94d2eb24643c1dbb93d860b4905c1040e8793ac66ed44d3e
SSDEEP

384:rV3j9ayM2cMAM9iOLAxXQhMYWj2mxNJuYyMuzqdKMMxZ:rVsyFcNeiOKQs2mxNJuRtqhMT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
1612	msedge.exe
1612	msedge.exe
3652	identity_helper.exe
3652	identity_helper.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2964	1612	msedge.exe	83
PID 1612 wrote to memory of 2964	1612	msedge.exe	83
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 4552	1612	msedge.exe	84
PID 1612 wrote to memory of 2060	1612	msedge.exe	85
PID 1612 wrote to memory of 2060	1612	msedge.exe	85
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86
PID 1612 wrote to memory of 3228	1612	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\308206c1e79e95e2070207b4a3e478c0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb0146f8,0x7ffedb014708,0x7ffedb014718
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,5272225502345905547,5010926468633413404,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f60b79c8a5803bd800543341683f1894

SHA1
aa26a939a76aabf96a92482900c619140309385f

SHA256
f887f8283f8c1a7bfd29c47f4ab78ced26fff142a0c86ea82c11734a314ab1c0

SHA512
40e3b852ff06dbe147df89c09b255fc34399a084c794bb9f83110674f8f96ac31362ebf9ef22fb5933cf5131c7daab9eb22dfacce4fd41f56fc3919d6c94fb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
791B

MD5
b43fa01d31ac07573ff7eee81e763260

SHA1
f31e485901ea8c47071b8600b871b67e6351ae37

SHA256
32238d3621585186e737ed450ba579e57ca010444933bc54e9183323d0cb23fc

SHA512
67512fe0175fb2d5d8ef67101284790f918c88fa0e769718ebdd7a21880c996f40d17da5441ba55bebd8095e6922e6cc7ef4c28313a0a5fe895cdf44f850d92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b2c7fcc838d36eedc6293c2ed840ab0

SHA1
ac3784c726004147616edfeb2a4191cc81d8f130

SHA256
186f2dee2900e79cfef325b68db74d5fe3d14acb37782e6e53c2e60bee68cae1

SHA512
12ac4bc38c9a95dde18eeac6c9f661577c50527addcc7e75793a8353c142c47aeec436e78083b4b75a6a3e53aa2d28e77b1d00a7462c1d6e906204b01e3d7c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fa53f886c99ef39815434578621cc47

SHA1
db177ed49dc84cf61d66e4a6608a7134028cbdb7

SHA256
fd0fde9404727abcc8f84130b20565bfcf523db0db5ccd81f284d2597bab03d9

SHA512
4f475bf6265558eb892edad98274f3346df8da48e1d4ae034a7155e6d9eabf4bba9d38296f2d61d2b5fb7b84708ee5a9b6d928b8afb958e62404c23f61784136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78488fc9414046078d300a20941086f5

SHA1
ec76f5337ed95fe1344a72781fb0da224a2551ba

SHA256
3b7d5f49d65dc99c0d893224b1088c5dbf329ff18c0b755c36ceaeb7278cbfe2

SHA512
85dfc45a77487b5dbc16b439f9db041ce0989139979bfaa1c2cc6f9a696a8e0bacee2c11e52382c9c03d512211daa2a42535fe37e3bfd0035a8e23b830c98d20

Download Submit