6d9d1ed7eabb66b3636d5ba695f67921b4f632fed353b73b06c6fd2bd8fbeddf

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

832d2be2e3be5ea19931ece8f8850eff_JaffaCakes118.html
Size

52KB
MD5

832d2be2e3be5ea19931ece8f8850eff
SHA1

569366bfb9d67add050a4be5291354c993877e40
SHA256

6d9d1ed7eabb66b3636d5ba695f67921b4f632fed353b73b06c6fd2bd8fbeddf
SHA512

5cd5e10d04ec70a7cc60f3d66ce70b1e32887b089cee2c3c346aa93946be0a895de09c92fbbc64870c866e10402f18b17b0fc2da51b950c791c838e6c8b2e72f
SSDEEP

1536:XEijZeqLAEijZeqLGcGrsVdkHT64pk/DhWf:XEijZeqLAEijZeqL9+sVdi64WDhWf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4164	msedge.exe
4164	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 5112	4164	msedge.exe	83
PID 4164 wrote to memory of 5112	4164	msedge.exe	83
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4860	4164	msedge.exe	84
PID 4164 wrote to memory of 4872	4164	msedge.exe	85
PID 4164 wrote to memory of 4872	4164	msedge.exe	85
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86
PID 4164 wrote to memory of 716	4164	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\832d2be2e3be5ea19931ece8f8850eff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc41f946f8,0x7ffc41f94708,0x7ffc41f94718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,11742980692458818749,1595237959031690831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8edf5aee848362b3fa4c7102382947c3

SHA1
0ca71672592fef3c37dbf92a155d747c927b433f

SHA256
16594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d

SHA512
a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78d53c4ecb4f237a195804abc28ebb1e

SHA1
5b036abe11431d0c164cc5427aa7eaaa2d8d1580

SHA256
b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847

SHA512
90c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4eb03308dace96a6f955ac163c9fa1a1

SHA1
3688239f26f266233507c00a595954bac0adcd26

SHA256
1101e78996f1353737669553ddcbe74749a122921b80cfaf1855698ed9f9a2a6

SHA512
136e5ee8e427147e4366f4becbe29aec4f48f5de63c6cc35b4fd0de9c07a1ff94948b9d1754bd0041243b57f30ae5e38d0ffaadce4851ccd9767eaf55822651e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
19d5d763a27092864611e8208b67523b

SHA1
8cb0cd9baa461fed04126f490ebd5c7ee57f907a

SHA256
831086231c2ca0cf0b1551ebd123a006202c9984efe0bf7fd0f7decf7c13bc98

SHA512
61e59c85cf8200e75b414dc106bfb3be6bdc51fdfce41456561435285bbacd8298879fb71d2f628f81aed251e96b00b0445fa93111e01c1a2aa73b2ccb8120a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f3a4593288d8e8b3ea7b45fe92debb80

SHA1
031e8c008d5f62fae8ee07156a909f6862ad1078

SHA256
5885cbce2bc870b9810bb41ab626035a0e364265ccec397e4804d802b08bf46a

SHA512
250156c712af6d1ecc837b28d103073b4a5be5b3558d24b001df8604522381366cf3e5f1185649858584af1c49fcb094ea876a6aa94fc78ae8deb770afc36cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8aac62e399bf392f30d854e197487ef5

SHA1
117580cc535686fed34ef5e66c12b5534401aa0f

SHA256
c8496e19aaa76f7e48b2d707b6187e6ba2bfb52d1a02e86573c9dd696fd54060

SHA512
7a08517988730cf420397d2ae19a583cf8dc5e2b249b5cd18e81660e4bd128571b8f15eaef7ab1312808e691f6021443d308aef89e94dc1488720d6b681ad9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
747f587280adee06f09b8c74030f0432

SHA1
deb09fc4b40d34e4a3946646cad1651473b4179e

SHA256
7baa536380767aba326cdf5109d43cd264dcc75c0f0a59791637fab7dc859214

SHA512
309400311e85652e442575af7acb286ded2f2c1c4a2f80b50088ccf22f33480204775d8a3ab1c070a23f36ad32b07fe42eeb4cbe487e7352c1e9fa1a4dba2708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6051dee31323a487ac185158fc886a42

SHA1
dedfe30d019efa71a04d3f36e11385f5f7c6756b

SHA256
a2278b9252510093722df1889ca38b89e8bdc6b5b504c7ecb96c9c6eadc51a50

SHA512
474c2b39b9c2bb66bc384df5c9005d33ff741bd1c52febcc4bbf4547e63b231a7a1a750b3f2742b2bab552d3b127b24fa2df0a6c86568a39cb5491f805ca797a

Download Submit