5b017ee415bbec0504105e18c8d06c50f2a349dee2f2a7b535567629363b9381

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

840ca6eaf5058c0bc14d0db372cee211_JaffaCakes118.html
Size

13KB
MD5

840ca6eaf5058c0bc14d0db372cee211
SHA1

e404fc77018134e6b2b3b043bd68d87254f7a155
SHA256

5b017ee415bbec0504105e18c8d06c50f2a349dee2f2a7b535567629363b9381
SHA512

3f638f3bcd12587eb2980b0ece0c3f74cf259dfa4cdfcdddecda0755a29f2a0caaba7fa4af19a173160f6a93cbd5aa52cd1dbe59d9a45cb83a48cd57df3e44ad
SSDEEP

384:sKLlIcQVejK5/gukB7ZbnJUKx+0OmzguLZ:VwglpK6xLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
4804	msedge.exe
4804	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1752	4804	msedge.exe	84
PID 4804 wrote to memory of 1752	4804	msedge.exe	84
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 2204	4804	msedge.exe	85
PID 4804 wrote to memory of 3984	4804	msedge.exe	86
PID 4804 wrote to memory of 3984	4804	msedge.exe	86
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87
PID 4804 wrote to memory of 1324	4804	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\840ca6eaf5058c0bc14d0db372cee211_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4374936851585880709,426283959252732975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
27c76768a65ccb1d51ec90fe9032198f

SHA1
d0f4c9aa2297638390994438784d3dd1ab3c9dd2

SHA256
57d0ddfbfebffb4ca6c3a0c969bb4b602a041e005a3ff7e3b2142161a5264dfa

SHA512
327f7c1b139fcfeedfbbae7dd780fade74a7e26e37ed1b92b306da4e4eddb4853b4f7773e1a4138ec5addad89778942cfd2887ba4592cb79a000f4ec88edab01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d97fc958eeb447baec0bf8b7a1c4d50

SHA1
b68c85dcf3cf9e09ea7436ba4ad132b2d4fd081e

SHA256
1fc31f3f4ec84de58d5e8621d9710aa0e58c7e834d447503d7d3efe5b20c1aaf

SHA512
5c75ec2b76f0d4b53fee1d458d82ed2fcdf7ff4babda9980e31d08046d264b9bda72afeac94112b7245f65f09348e7bd32e7bd56ef1c5f76d8cc72b6cb035f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cead7e38c2d28c8745c88f1ced4782b

SHA1
1d9828d4a9cdc85e94ee11adc10c52c269cabbf5

SHA256
8b2da0161730942eda34a9b479cd68eb5a1a33cc33e5619d67c3c005e7e38666

SHA512
30a0482c08c95f925e895c6e85ad3916541318be4c9e93feb75169be69afdcd0c420da9534b420e7e1a6d5ac8666360acd996f13ef7a40f212d9135b7e78073d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a82400ff111723d3bbf0be0d2279c07

SHA1
52820dce92948cc0fe7289274fe4aced4facfece

SHA256
aab4e877ab79cbf1830bd362fe6e12ad86cdb4aadd65e4a7217ef6ee8748bc61

SHA512
4970d80b0d5c98b3641a7a1bce50750867e1d36c6d4f080614acd50ee4f10b0e982cf09aa1ed33a8de4f63be28cad4eb1dfed0392b3d4ef048d407f3b322ddc5

Download Submit