f4c8bb17df02ea75179810672fb3c8686e7a68d7be2c0689dac25a4acce14390

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 23:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bfafab9b5fefe963bbb1c8ce9afb9ff6_JaffaCakes118.html
Size

24KB
MD5

bfafab9b5fefe963bbb1c8ce9afb9ff6
SHA1

73651855f3f4f84c501e3fb7277686a65bfe5c03
SHA256

f4c8bb17df02ea75179810672fb3c8686e7a68d7be2c0689dac25a4acce14390
SHA512

30d219abf60f7bb6948ab3dbe87d535f532146b6abe8be227a15de8667bf612fc2c83420d09b8e83882a95e673051974182af603c5ca641c5568355f28651d86
SSDEEP

384:SzrIbnf+VVQ21eLZQqpwmOMn2JqBgemFEsuNAmYEp9If4hmicMmegLtJQSU:SAbGwoiupqI2cq6JQ/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3204	msedge.exe
3204	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 972	3204	msedge.exe	84
PID 3204 wrote to memory of 972	3204	msedge.exe	84
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 1824	3204	msedge.exe	86
PID 3204 wrote to memory of 3128	3204	msedge.exe	87
PID 3204 wrote to memory of 3128	3204	msedge.exe	87
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88
PID 3204 wrote to memory of 464	3204	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bfafab9b5fefe963bbb1c8ce9afb9ff6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff515b46f8,0x7fff515b4708,0x7fff515b4718
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2663565276141137911,6768965470128882290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
7258fd084fee6d7b1bfd6df150b5916c

SHA1
b3bf0597d9616ca03c6c6faf95aa8ba1e9a1503d

SHA256
29de3f94aa70509fc19155806c0807cdd399f0aab6df69823580105eb14f5c49

SHA512
902b4979b29042c22380efe244c1f10bd885de4fba42c6aa43ee0c197009dc9318c014dc9c6533bf27e71bd5bf2ed60368066b3739bada0781a77d4d12e8ba12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9acfc18f681d52d301235fba359292d5

SHA1
27fbed9e947bd079e08c01e0220f7cca297284c5

SHA256
7bbefb0d64e1bc21beb3fea0780305bffb2a2ac3a6834a2e31f95b7771e46684

SHA512
0873988d568099c075a5e1b9ad6d29fd00e119c1bf733dbabc8ad0dfaa549d111e67b1edfbe01d14b18530efc54af0190c51b9f793e6230726e71ca395660866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3733a0994dbad32e01e34d427adfc90a

SHA1
cf418b3f313d59cf106cacec69913ed93fde99e4

SHA256
9912ef109e38ad8b842eb49945dae5fffda4c08c6e970c32463bd3642a40780f

SHA512
e70d42c119c84b0e367fb19873a6e4da7589b508a30bc88b36a0dfcd3173b868c820f94ae302915d6746999d87d04e5d7654a38d5809be005310314b0ecfe55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0778c349e595923c8cb11e974cc922b2

SHA1
8f7e915055ea1e359e50270e89c7283b6fc2c1bd

SHA256
335bb9446919718c4757f6e11821222be964554b6a8a2ead73b26e74ef2147ce

SHA512
823d9463e53e90e7fcfeeb4a9e498d29021fc7b1a62df332fb04843dd0503ea4f5eef00cbc9ca3227cea8f3f492713e61c26a821b77360cc0c7fe4e7335a928d

Download Submit