74ac0f3ae29cc8d1b879f9882106fc644893f14268a727fd120d07673bcdc7c5

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

375134134353c1ed42a74b0762b0461f_JaffaCakes118.html
Size

29KB
MD5

375134134353c1ed42a74b0762b0461f
SHA1

7b962152bf0c034a3e3563f2c1110867af9c0044
SHA256

74ac0f3ae29cc8d1b879f9882106fc644893f14268a727fd120d07673bcdc7c5
SHA512

12847597cad5d004a31ab7039c7098745a50144230659edb2785a564786d729164991fdc90f4c1d4f69b683210f56f201d4878032a34b295b0a8fd1dfb8ae83d
SSDEEP

384:iz83pZqMxEysqEE6aEUuEpnxEfIpFEpA8elEnABGP/gmGCMSe:iz8dHTvnwwscpTSe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
4112	msedge.exe
4112	msedge.exe
212	identity_helper.exe
212	identity_helper.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 2476	4112	msedge.exe	83
PID 4112 wrote to memory of 2476	4112	msedge.exe	83
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 4116	4112	msedge.exe	84
PID 4112 wrote to memory of 1984	4112	msedge.exe	85
PID 4112 wrote to memory of 1984	4112	msedge.exe	85
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86
PID 4112 wrote to memory of 4372	4112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\375134134353c1ed42a74b0762b0461f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87d4646f8,0x7ff87d464708,0x7ff87d464718
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,15590224341446416411,6077647927430726338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
30ef4b308e0f9fc07eb2c2f9ecbf7df1

SHA1
5e1b1f8d23da024b0d9f02a78b216a0fd4bb8951

SHA256
e267ab31e6f3d0b738404457cca4b96915a4b1503ad1b4275fe9cfe51c7ff308

SHA512
9a25918d7bb04dc6294f5db4703555212174508c3eea189586944a3d06e1b00db430ca4cb8eafbc9d43d30d59c659f0c48eb1b6d496745969ae2123ea69ae5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b2a80407cf20137691cdfed1eaee195

SHA1
a7e3a5f3e98f7c97eb90f876f4c7bc0ed4d1826b

SHA256
f4f0ad3846fa77a0cbdc26bc6e677ba9a6585822783ed60cd13ae4d8afc8dc0f

SHA512
813e3b933870f23e6e5d94f1c200ae3058deb5a7e9183fcce746542250cd3909c2d61b92737eb8ea770cb89b13557faae5419e2aacf0bdf9bf82d7ce5c2425f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d4290492e6c42273d8fc44b289fb744

SHA1
648b0d0a8c062eb66278df690529b6f88d5f0679

SHA256
3ed028535485533f99090061b42e4375ea94295e1568b74fa0ddf791b972ad0e

SHA512
7ad1a8a0aea5c31f6e5ed9e61d983793ae0ba2ca8c0864940e722616bba1bf3561f5105c728f2116d8a2ed96f4fe80373a711f59881cb991136c0812ca31bbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d877ba27716b4eede016ab4548bc6d88

SHA1
f2287f9c116754a73ca14f51095e169a1e378577

SHA256
39559b747517b3c44ed7e6c98e6b69b2110430886365098de22052e5e50b4e49

SHA512
6b936279c9c94342134fd7f1b216a4ff11d0581c7dfcfb32b0be394190f866bc8085fc12368cce9ce7000bd87599ff2b891d5df789b6479f2cf4ac7f52e9d473

Download Submit