7007184fe66c74cd7abcda20d7123bc624db0d6df02be9ab2ae5cfc381310eff

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be0feb8b9ce19efafe334fa2c8bb57b3_JaffaCakes118.html
Size

373KB
MD5

be0feb8b9ce19efafe334fa2c8bb57b3
SHA1

1e5c483d9056d37e15d087022956da0ad4e09aac
SHA256

7007184fe66c74cd7abcda20d7123bc624db0d6df02be9ab2ae5cfc381310eff
SHA512

c56a33909742c549e7f1f6d90dc400c19aba074a500b846b4c846749745366a2be43d0bef6511205366b1c8af308dcb144ea4c93f4ad21e51af606384ccbe9e7
SSDEEP

6144:Toyuhn4dLwS6jWtQP1INEY2cDb0nGNu4bUDFGmt8aNMQYikpsgyhsyrk/wZd/sWn:Uye8aNMQYikpsgyhsyrk/wZd/sW1Aty5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
3244	msedge.exe
3244	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 3156	3244	msedge.exe	84
PID 3244 wrote to memory of 3156	3244	msedge.exe	84
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 4048	3244	msedge.exe	85
PID 3244 wrote to memory of 400	3244	msedge.exe	86
PID 3244 wrote to memory of 400	3244	msedge.exe	86
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87
PID 3244 wrote to memory of 1728	3244	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be0feb8b9ce19efafe334fa2c8bb57b3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13704110055027302066,13209413525956485976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f94f694df9e319de14cd55271894286a

SHA1
606a35a329d6c6ec0d75ebdd2d40c99bb6af276f

SHA256
f7bd7f96e9a3e55954c3bacdb7aebddea2ef2ce2620dd7727b0e348246d0b92b

SHA512
ab1f5d0d4c21502c83f491654c0b99160676aaff3ca68081960f3e6c3636c48fd87c47c22114a0c8bb21166e0b391cfa4a9cb68486559561af4ce04d75bd81fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
99bd52cd7b52380f4c3efd970c95754f

SHA1
fbe4e3d7d4f03c4f37e25098e550c22d424d634f

SHA256
68ab24fcf9175962a5c01b176ee72000c53a4d70882a859b630cc9a2129c9f3f

SHA512
ee3d701518e74734d9fe01b9ed8ef921f3808aa940f151cc8af70ef2434d8a2c80255af3ed5e8c0138d35fb1f63c331887ec14a5eaae0ab1e5dd9516a1aa50f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4c21eed6bbcec023ae993899d9b5d222

SHA1
98073d0da8cf49605a99d14829c3720e7e4cc726

SHA256
198d4df16d30520868dc60b0a9b71319cae9f4491cb08b3280ef2ee184475a81

SHA512
8c53603816b5eb9a420356937c73bd266d7fa63d5570434c3d3271312ef0fe6ce32990eea150e115df40e81d5670258847794ff67c1e56a761e6c18b4977048b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f54097b968e8b154537ee1758f7f23a8

SHA1
96e96e54c74d36e3db4bd6b7c2c51342641ef4d5

SHA256
dc5be0d62e9a303bf5963494204b7a3a3d9fcd3d01343af426f204d10eac43dd

SHA512
7c077d30b61a656dc6058cb4a36871c4595ca1db1a6a00bddc61aee216d47c2b90acbc97bdbc4d56241723dbef149f007c23856f3aa9fcdd80eb357ab6d65b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3554df07a34cbcaf850b44f3a5cc197a

SHA1
8fcd8271f5b119ca08ebd240a68bf9c00a83e741

SHA256
d8837b84475808c2768326f00e8b42809bfa889f57f7b3129922729f8ece6c74

SHA512
431b5336f2667510e513ea416fe94b868089e87f3df012f322db1983c8d5d29360ec77a47adc239d3b65dd53776596050f75fd117181eaa3fbfedac886ba53bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66192c166f1b5c5e1dbf2ac8515e946b

SHA1
a7490f99456de097d4fe72e8ad40421e26bd7196

SHA256
51b4d98148d891c85ce045fd5765a796dd456136ea82ac75507e187786a904c3

SHA512
676cc6b900abae680749f7d21432e742c2bbcc23bae478a3d485b79e073db0668aacb546c606679eadecf1d5d3d535438f76488d3d3fddf5d1c5f65be9c91112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
752e0fbc4a11c1bff1d56f7db001ab94

SHA1
b70e7f6f368a1f66a35a5a654740d617604c6dd9

SHA256
eaee850f6870faefec643a14dd5506e3d1565114c0c119f77e77d17287e0dfc2

SHA512
955afc952cce5d6c3f10f05bab9b339074d1af73edaa2312f2371e49f4a693600ed6c55755375cb57afca3e6a7087921dd351de73e069c1ec1727355a65ab84a

Download Submit