6c163d3917f25d07f89319540abcbca86665fdf488f1bc0c4b0d5b6f087d24df

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2024 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84c7cd7821f08ccf384d9fcff020edc2_JaffaCakes118.html
Size

168KB
MD5

84c7cd7821f08ccf384d9fcff020edc2
SHA1

a32e313c7260bfec2f7829d80f66ae2cb26a2449
SHA256

6c163d3917f25d07f89319540abcbca86665fdf488f1bc0c4b0d5b6f087d24df
SHA512

0c674882bc30a2e56f165436bb750b8a0707ff8d661d71ffe35c3099636ce7cea2a0c58bcd1cf13d8b81af3bc1060e9699f33779485d134884fd8584f11efb96
SSDEEP

3072:0fsUkSw1iRYmRB7asDpUDvfDeM/K9odTh1PzodThLodTh3/Xg6CnsdGp3u8t6a:0kUrw14AOZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
2228	msedge.exe
2228	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 4548	2228	msedge.exe	86
PID 2228 wrote to memory of 4548	2228	msedge.exe	86
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 64	2228	msedge.exe	87
PID 2228 wrote to memory of 4920	2228	msedge.exe	88
PID 2228 wrote to memory of 4920	2228	msedge.exe	88
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89
PID 2228 wrote to memory of 4872	2228	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\84c7cd7821f08ccf384d9fcff020edc2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd747d46f8,0x7ffd747d4708,0x7ffd747d4718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,5598088773416673482,16949588052564391920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9f6bab1f98ba5907241e11325b39f366

SHA1
5fbd4a0a9a0217e82105091623f791c239b334c8

SHA256
6d4b196d965f4e68830a22e2378d5de9c4ab09dfcc225374b69eda7e2948f63b

SHA512
28250cdd0b99fd7a9b93da5e578e4d36adac5aa6b6bb2f7ea811c4881609aaa3390c986e1a9ca5977cb7756355a4baf1c3dcfe5e6449a4eb321e2caf62a18696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bbda59b88cd6843f132e4526872f8643

SHA1
3f01c163ff828b0f9d75e6d60b858137c4bfdb6d

SHA256
165c0d46735cee42cd06ed35b370feec634870dd4385508534c6df73c28ff46b

SHA512
7489a639703aa93c370dff7423defa45f465f01c112d593fbea8ff73a1a97c69db837e3314536f0b9211f2569ed91bcd94f0c131fe9713bd91b59453dc4c0e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
78048f949545f6fdb95e7f349914766d

SHA1
98d58ffddc4a849a81437937cf7189d2b4ace9c4

SHA256
8379d9ebaa5dd0ab18cc1d1349e1a61159f30e65b6a2fa0119bfaf9d221558cd

SHA512
b41bcb28836c45c042efb01d02461bb961afc5fe6063edf4c75c9b84ca08f1f071b198646f209e8c05ddacf22d1bf47ff18bffc7aeb3f121881050a764f0a566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a06fe4248953995a369a404e4115dde2

SHA1
f3356905ce78beb013468a07e55b81d220625b16

SHA256
6519847548b66d8ba6ed32c81bf86c0a97ba32c682a15c9471a952927528796d

SHA512
a85254f1ca5d362bef4f57b21aa2436050550ac95b420947626914d1bd9624d1ad97ba6c8b7bb06a08fe7157a95a5f5f131cc6400a0c8f288f6b4113e61c5aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ad1e4e79f2d93ecba11a269a2f6d768

SHA1
759116ec490f3d2df79ae73f4cf2ea7316c39310

SHA256
e4e32745600560c022c2c503b45c1a120876aea0071a380c0acc5947ae173410

SHA512
77b73638b27168056c0a8cddad21de6a5badf3829f83de40abdab8e2b9b089435d7c536c86df22fcd796dfb8591f0af9aa1f8520fcae17d04f83c0903c26c2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
69c6d8f49eb29fd621fe77c575920d31

SHA1
3961c93af9e02c97e7c05f051c0ed3bd1cc6f513

SHA256
b391193524c4991391e510d909c514e3fad34c272d01ce63ad3e801a52ef0cab

SHA512
61560a4401c83ad2e8e6089ec70bc7ca311966a31816dfc5cbc9f7b74bfd4f6326193e350c2a1513b71a405a85bd3a96626126ba7c5b9209fe047ee81d36486c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587f3d.TMP

Filesize
532B

MD5
311b6b61bde67609589ccdeb67840f5a

SHA1
27a327ed6f258cb9156d13849b11311527e2a9e0

SHA256
142ada9a22bac18b850aac69ec5c4fc05a38bca821e1c5a30cfc3493ac29ba27

SHA512
2f969036d9461a43e739f49afdcf2ab5c5db620e81722513c74e1d4f4fd14e23af99074c2e480dd19feb442bc0dc8d72d483eeef47bced6c8143e458b50911e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af0951d71b118967d625eff1f8758286

SHA1
1824f7717de7e614975e6ba52e22f2f9ab5005f4

SHA256
881db507561db4458557946b8eed54d8a13831bbc36d0b1a7f26a996c8cf9c66

SHA512
a7ef35d23a2e71b9dafb594f0a5204305a89d223dee75179ec2ffbf087cb5ce2867a8a5d498b37da3bba9b92f7b5d9675079a583704d11640453c87548dbe4e0

Download Submit