c9da97cdd2fa44afcaa12957e417e09124bb91f65c30cf58a2b88c414a2e8c02

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

887afee2520e01bfdab5fa83e61beef1_JaffaCakes118.html
Size

10KB
MD5

887afee2520e01bfdab5fa83e61beef1
SHA1

be3d2ad6cf5864f27edb3c85a2c310859337767a
SHA256

c9da97cdd2fa44afcaa12957e417e09124bb91f65c30cf58a2b88c414a2e8c02
SHA512

ab76ee460f266a7d81014c05f5866c41d69973e2a8f2ca34bc71f15c912290438c6dd92d0d3d598272c1e9f7f390487696eadb65078eaea85355e648be73edc8
SSDEEP

192:2VblIsr03cbco8k/w1wvqLkZcoBckcPncivcocOc1ci01e6uBuLbdU8d:sblIcuqZ/gu1BLmnbv/NWN0e6guLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
4952	msedge.exe
4952	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 3760	4952	msedge.exe	84
PID 4952 wrote to memory of 3760	4952	msedge.exe	84
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 3216	4952	msedge.exe	85
PID 4952 wrote to memory of 540	4952	msedge.exe	86
PID 4952 wrote to memory of 540	4952	msedge.exe	86
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87
PID 4952 wrote to memory of 3588	4952	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\887afee2520e01bfdab5fa83e61beef1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13088625009555223374,6348157010910037451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dc8ac0e918c4fee0b1d3f17cbb4295c3

SHA1
4cc8179b08655e8edb07d5a5dc2ff52870d25745

SHA256
a262aed363f020cc8bbf0fb2b6233bc331fc1a30ae60ef9af7600ec385465faf

SHA512
29e1c9dcb781d960d9695c954f47d5aac5e4d5b0e07c5ed76f8b39658d19d5b1cd92b2db819ef973cbd2f07dd1188a99fc2563a314e5a8ed3475aa40de250f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5f310f95c87dd8bc1c6e5e7faf0c31b

SHA1
0f5dceb71e885e4204a304ea666bc7408ac8d5fc

SHA256
00dd3442bea18f3538d2b81a0e50bf63fe4822fee03af52c1ad37ccb3b4b08de

SHA512
1d44d0a7061be92d1f8ec2fbf0d215bd5ab95ce7c3d9e94cacb81c9236c919044ef03e225ea67cc1053a0ff22986a3517c5d8e948a8e31ab5e8b81e75ec7d1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf3e8eb66a6466f59ec0c2b9bc97352e

SHA1
d4f9c232b0c47c3925f6a3a7d1d86b99f1432054

SHA256
56cdd80e714f336278df5fb0810e00e69fb5ab00bca5024a605b611a1cc2d826

SHA512
02ad030a2ad998b11d336990f6e9c2adf391269ad45ccfb31f24f7c62bd745c479d35558c69f664919ad6362492e134e8eb18285e1e05a7219a1e3000d221244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf1e4d436385dcf1e60c6642d427560e

SHA1
f7b7f1879612cfe012e8471943ef63bf9d8e2b67

SHA256
686219aadd9cbb6d91cdd2a847808a3e1c2e158ab3e11896937a8f47705e91ba

SHA512
cadaabc7593c63d1c67be4a59e882c0d37b0584aedd246eb9402894a3729437b91bca8665ed4c3c7ccae3cafa8b7269251f09af53ed63eb28e72b94adf81eec5

Download Submit