b1113bf70050e0e49f0a282cc754bc5a50aef3c9edf51aa948718d2307b5215c

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1a5a0650469bf94cfd4196415789317_JaffaCakes118.html
Size

112KB
MD5

b1a5a0650469bf94cfd4196415789317
SHA1

89fd429ec793fa576b569e54f5d3dead61b40832
SHA256

b1113bf70050e0e49f0a282cc754bc5a50aef3c9edf51aa948718d2307b5215c
SHA512

2e70180c129efb2b5596f12c729222da681873ae586cfb91d61f8629b3478f76e0eddcff04101a7230ca489707ef192439bc8b4853491be7c0266559bd65175f
SSDEEP

3072:uJUcUcXmNRS7eWa+M0h99VGdszSCDQGCd:utXmNRRszM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
1676	msedge.exe
1676	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 4956	1676	msedge.exe	84
PID 1676 wrote to memory of 4956	1676	msedge.exe	84
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 4984	1676	msedge.exe	85
PID 1676 wrote to memory of 2452	1676	msedge.exe	86
PID 1676 wrote to memory of 2452	1676	msedge.exe	86
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87
PID 1676 wrote to memory of 1116	1676	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1a5a0650469bf94cfd4196415789317_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcafda46f8,0x7ffcafda4708,0x7ffcafda4718
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6644965141041397676,13414779338723149493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
759da4a610cbe6215ba43fafb532a38a

SHA1
cae79e7ba0ccf46eb92a5b95abe19ef72a03774f

SHA256
dd3b8d5c1231e55b9b7520632238d6d2fe66f70c45299432d60ba7b0d4f6abac

SHA512
3dbeaf8e92bb3305460d1e665f3bb7d0d646e6dee49fe570b6c0c4871ce21c7afebaf4f9c569e3c05595c7c8eb2a34aece11eba45983bf0021c8ac7cf85357f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b40fef6f7e568e4b0c1706d504a546a9

SHA1
f90f766a98c4a0228e62c95e1aafe412bbbc2d0b

SHA256
669386b10689639783b1a506329155718aeeed9f5a717fa1cbc5beceb05a32c3

SHA512
200c32e98ede85cbc9f5f1976bb68dade525fa1ce21fe7bb27b0c0f52a98d5fd47936af402bb0ef1e099435a851131c85f11c8084c5cebe2ad9b6bfa4a427ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c46bea058330cbc97a9a19bbfc095838

SHA1
135e28fd9e5df8cf341b551f455be819789ebd23

SHA256
4a7c0f4707115c6709fcfda788f9cc74ba0ddcdd0e3160d0bcff3bd767f1b1f0

SHA512
0768183728847c46e5baad13454e3f103071fdc4196945ee2ee45750afd7f9a1f2bddaf83aa6cd3c915d98e8dca2779ef1be9188c883fcd8926743f8bd18d05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ac5cdf00461a8c9f9f4e024d05993a4

SHA1
6199b2911d1403dd249b60e5f201d6b490e506fa

SHA256
64b3ea95d40687a372773790f6f57b45bb2dbe9d7af946d09121b2653f57ba72

SHA512
645ece6fced6080032107df590b822b7082d233843662c044df445d9ff117b8c9607141f3935038286fa081185c2b62c54794d3b9090f1b6b4e5af3fd5006e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e3570644f2b683b360124c774ed0ae4

SHA1
9cfc195f8384e5e51f3741d32a56cfd51f857d5d

SHA256
dc297244b1a29c4df67eac57251e38a628aef2c60117ec2ca0c53b3dc193249e

SHA512
9da6c7ac46beb422e51cc1c46af4f0a0f8efc48ac6880db2c4570cca0adc44b1b373bc2be25868a3b443ba80bfbabd2de412852c91b6cd7e116d5d42bf37d483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b1ffacb33d8a35cf3a32f9d5e9180cc

SHA1
5b4690b6c8680046b7e5443e90d7780769d7b68e

SHA256
b0e0846209fb767b85c3f5835af9e6398b2fdd3b59b5e464ca8543371c9dd286

SHA512
909399b4b8fb43557ce0a0558323cf439261f8014ee5538740ad4b8997be94577d7949cf4738b349081d75dfd5e48e5e0f4a97ac8066e92b2ed7906ea79fe861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3041c0e1da8a1b9316ace531239a3cd7

SHA1
da2839376b7ce97918a63a7e536eb0bd7ec2815e

SHA256
0781ca7f2ef0418e97d9cfc45abb52d9b1aa258380e72a98fd8def39f3abef6d

SHA512
d11bfb6059a24de8e341bc216a854b79ccf4bb91874955fce300143ec02f8509fb35beb09179a5974e97cfbec2bdca5c39b1ba5ea36dc69f6738713b9ec581d7

Download Submit