cf0459e0209b8d96d4a6ec959366b669c53cb81417ca5c40f478d7b650f752ad

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d965a072fa01da319bc936df8068c712_JaffaCakes118.html
Size

127KB
MD5

d965a072fa01da319bc936df8068c712
SHA1

8015929bf996700e05c71cd72f1be388382321de
SHA256

cf0459e0209b8d96d4a6ec959366b669c53cb81417ca5c40f478d7b650f752ad
SHA512

083f5a7f90775bf9ac7aea4ee6254d44f18d1e4f3eddfabcaa600d7c8dc8c86ae5b8ecf158de76fc122699884528d6bb885f418a3ac319b6b892e7aa3faf18b4
SSDEEP

768:2ok1ATx+Bw24Tp7VDiYidNCiZW0HI8Jj2ECFcsm0IXWhCFAmmv1p4ODMtFA6cVxi:20HDiQiZdIdECZpZDMtFbcDOEtv4R

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
2664	msedge.exe
2664	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4892	2664	msedge.exe	83
PID 2664 wrote to memory of 4892	2664	msedge.exe	83
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 2016	2664	msedge.exe	84
PID 2664 wrote to memory of 1116	2664	msedge.exe	85
PID 2664 wrote to memory of 1116	2664	msedge.exe	85
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86
PID 2664 wrote to memory of 316	2664	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d965a072fa01da319bc936df8068c712_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3f6d46f8,0x7ffe3f6d4708,0x7ffe3f6d4718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14097782028035622093,7052292382005087542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
9f0a78df4132151e053ae1f8fc9c41ae

SHA1
79d4d7516c082df876e75b92beb5108b023249f4

SHA256
3aa33f82ab812c6d29fb738eba0dcd0526bae72bac2ceb72ff7e2d33475ac4f5

SHA512
222da3a110ed7c08f35b38bbe32005d812d8b7e808a1fb3bea74154218c833d5e938d0f98851afc5bc67b337f717076031a5755f1faf4b35f52428c384495471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ba3bb92250c32f913e537f0b78da52f

SHA1
39f488544dd862287571d4adfff4c8819d24c0f2

SHA256
0d043b228c63e6ba705609af8556d7dce7c23d9edfe0b1b6b977381bb144b2d7

SHA512
aedb065252133a20266c65d5c39d919ead419f94a191b9c6f1491caf363cf98ba65f461b814417bfc9ff81ce35a1c6adc864399efe105c06b69b1c9a1e7415f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5f8c2162f1f655ca2747d3f4ca3c70b

SHA1
b94642596917283133136087ab4ece07f8b0affa

SHA256
567f2aa1ccb233597c01fe4344309b68ebd94db80fbc7f29f74886e1c62b0065

SHA512
6f3b7a78e9482f963eb63836dfa23d50c171b73a7b7f8096533cd7d54f80a91d7179f2af392c00a7ef42865cdec3e1c7d4f6a1027dfa6d1076408b55eda7c1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17a36c97e06645cb8ac163dacbf83745

SHA1
2159fb7a014820dcf80cd5da6260d380c99f4a31

SHA256
dc2dca5226dcf7773d5a0dfdac76b5d1bb41391bee0164f8dcfbaac185660b42

SHA512
d4d8695b952abce8e22924c8edf6e86d9216a3d7e640efac52feb5de63920fa87f0efa91f81d54a67e22d7917de92badaec36396813f78ea99b7e0b3bf725feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5388b194bf7b8e02d5adefd500bbd193

SHA1
9f7579916f239a640aca8fe8dddd2c1ac7450b7f

SHA256
46abd45028d560287234c64e9caf1775a3d6dc01e64641a44f00a764afd75c2d

SHA512
90e384635c44497bc5e1a2bfce8dbd5d3b33c6d7f903d48918ca5b06185e2981389db3a420b51b1015f72d217ee44d11d300b534284cb3eaa4b21f96f83cb961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93686c447ea9e5c9b9ca1e26e3f04d4f

SHA1
ca371cf2b9b76185992e8395e5434083f9f40c17

SHA256
319da8d38aee3acdb5f6953bd3cb4dbc8b374846f5b46131092d84dff69d71dd

SHA512
5792bbbaa9be7d65fa8c84271d21268a62922b43e667a15d6c3daadec6e603ada394b0b149b9e0ec80dd4af27df2d4e09f78dfcbc389fba06abb6680fe1b075d

Download Submit