2769b9c829e934072dc782b7e65ea7f1235ed7e3ae6f6fe5673c14489f6663b1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7bd1947edc8e502014874faca37db7_JaffaCakes118.html
Size

169KB
MD5

bf7bd1947edc8e502014874faca37db7
SHA1

95f751bc79cfc027108d033848ca65723df9f956
SHA256

2769b9c829e934072dc782b7e65ea7f1235ed7e3ae6f6fe5673c14489f6663b1
SHA512

4c166dc0195cb1c42f5d5d91fee1ac3b30a9a581179b6c49416256c949372b8975b9aad45cacb8eeaf05eaad2eb2993154a482d99884786fb20d619cce281a0a
SSDEEP

3072:xNQ4SPZD3UcjvG8rMZcXmNRS7Ml7rg6BghaKg3Z60t8KNLRCp09odAh0AqAtd:8JvXmNR/0wKg3Z60t8KNLRCw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
4888	msedge.exe
4888	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1328	4888	msedge.exe	83
PID 4888 wrote to memory of 1328	4888	msedge.exe	83
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 3576	4888	msedge.exe	84
PID 4888 wrote to memory of 948	4888	msedge.exe	85
PID 4888 wrote to memory of 948	4888	msedge.exe	85
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86
PID 4888 wrote to memory of 4188	4888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf7bd1947edc8e502014874faca37db7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe024c46f8,0x7ffe024c4708,0x7ffe024c4718
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2100044943352458225,11349533117122592523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1269ef81d72907f2884b72b35e992a08

SHA1
e97dad50323b8d711af3718c89c31fede85a0717

SHA256
bc40be7990af34352594d286ff84192f75ee37a9f55a54bd27dff3840c45fcef

SHA512
fe63a8722b6cb1e996471770279e429e0759f1ca584db1e1544f351d886df44652c47050e687f19287d9b2b801eabe76d8fd1c390622a5821f9d3052f49fa327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
158b51011c16525091e2209843245b94

SHA1
7bd7cb569eb18341974729978ca43e402f2307b4

SHA256
db71d4adfe2d7d68a5ca010f3f1cba45fdb8624fb6a59971022a1ddea7268d91

SHA512
7d90362a14bd7f018cc78cbb59aedf4cb4160c655df5d00919b9846e59c07153fd702d7b781ac34c37b9dc108cab83e9a1150d4ecd7f87dd2072d5cb0bfcc8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83aec3634876b3d36ff46a6f0e102c48

SHA1
8806f5ba762b08a288f87189cd334863bda8fd1b

SHA256
c68cb600dc379e0f4a5c88684952aecfd8c2262a9199937a51e4a3f4e5cf6bd6

SHA512
b0bf81aad155c1f7a13d69b70acda4f047ae2d7e983ec0465f219f242a90c6184f86e3392ebfd83ae0db291d69cb84aeec11a4d7578954066177fa494969898e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ad8a0da761de863ac1e1b45ab5c4c70

SHA1
5636f9e1600caf5bae32f357dcba6d9a4fee2574

SHA256
fa3513471a7c7325d1a4b343d51634b805e4d2113bc966c49c22bba69fa3c14d

SHA512
ba4eb64b14fa15171f96545356942ffe45a2c591e6ebe7e1bff68591b1372dac30f868d463e895927f4acd22a626322bf05f02779f42636d7760eb781b314e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64e86eb01697c1496dee9547e5fa02f1

SHA1
98223d98281dd561f055322bc352c5df20945f04

SHA256
063cab600a3286641027b0c071968ef27e7aef932580ad2823c5c2d7aef4f584

SHA512
8e3c83acccbd8cc20d672529a446416d97c8b2314fc2c38c39264dd0122a378e63f2d76e74e0a4c4992cec909765b9b8cf99ad28dad0ad40efb9d24b0f0a51b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc4f07b2ce90b955427186da6ede8846

SHA1
8a5b0a0faeb8ecc2bd164a620fdf380796e251ec

SHA256
708df6cf27af7e72be171aa3bb4274cb86a72f4009efab8bf54f3dc5a7461982

SHA512
cc8c37487781d1bec05bbb686d40fb605694b7f3385fe8008cabb023560c2967890685a5570416f33a1f68119d25790e1e3dc1c7f0a8499fe20bad48d893f9a8

Download Submit