4484a06d561d6ef092bbee8392790c7c969ef4a58aaf15316f26c552ec016327

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf0542015238efa0d29b615327fb1ac4_JaffaCakes118.html
Size

12KB
MD5

bf0542015238efa0d29b615327fb1ac4
SHA1

9ad92f5b3dfc432362d81d7b1c86d347c58b9844
SHA256

4484a06d561d6ef092bbee8392790c7c969ef4a58aaf15316f26c552ec016327
SHA512

88a9ff68003a5e07a9099554c4b52196e2137f9e633553f85a088d30a51597ce5f3f942363c57b3e97d34afdf6d50c1e4f1e295c1bd3ab9801252fc37e208ff0
SSDEEP

192:UhVqp+pGpVNoS9JbV3So0lxKx0JfJiJJ15JxJCTV3iGWvWVadki:Yu60Kxo0lgxBL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
3468	msedge.exe
3468	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 2288	3468	msedge.exe	84
PID 3468 wrote to memory of 2288	3468	msedge.exe	84
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 2520	3468	msedge.exe	86
PID 3468 wrote to memory of 1728	3468	msedge.exe	87
PID 3468 wrote to memory of 1728	3468	msedge.exe	87
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88
PID 3468 wrote to memory of 2632	3468	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf0542015238efa0d29b615327fb1ac4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9023646f8,0x7ff902364708,0x7ff902364718
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11645332629523437012,2597120915590584287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a5432ba271c8c9515263ef1a45de81df

SHA1
c35336f4f238482db32a3f3bb0bb09f3126a6225

SHA256
4b309eca4c13b1375f52fa26bc177d8706b14f8f7bbb72670a734ae3407f2bae

SHA512
1e811cb3db1f6f1661fe624e256ed6697ea0af9c96b17d998637ff8598d7289703b16ec47def16c179b965512b1cc746569fcd02da4aca96f1b9a9c54a016825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9229cd380c4f880744d0541ab9ef5957

SHA1
87697ed08270986d2b191747995e58bad5501f61

SHA256
382397507e37df622102a87a98449a4c23955210b0803809e4697bd09e4abf8f

SHA512
8bf72ef4617aea4afa73d0caa50631bcf63c52c8a4cf450b2cb05a0496c97dd98f177d698a203f2c1703205723782c6267ffd65f396bd5390389871befa8347b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
8ab4d954afad7129dbf46139a39906fc

SHA1
11e9c1df69446e869c3b48c1d846ef22cb50430b

SHA256
69a4f6c4e1989941b5260ed842dc597b02c4e592aaf6c45227d1851a3bb2f7cf

SHA512
6b91fe7919a432df2019e4196c2948d8680873eafc07662a38e8df2561e618c3a0a43ea54a887e9df3ad1fdc91259374a3ecb7fd25b8b9f625346442447e781e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71fbaa597ad16da90efceb74317cc0e8

SHA1
e52708d7201db7ab3ba462d74cf82f96d5aaa262

SHA256
2634cb2a38ec035c1e644d6c2cfc2b1bf04d3ff8d407cf410a6c0fdfee92ee11

SHA512
32342820060880ad44a83a1f8d31b9508d2fb38674f54286e4165eb73db4568dbcd99ddafa54fabdbd23108187cc6c8e45b961409852ebce6b06f0fac2006ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c3cf4dd08f1998fb494666464972fc3

SHA1
805a8e98ad075246f648304f4a0ac186d58a7895

SHA256
0c893d7de244accc3f823710195beb0d522344d89fa3a1de110d70644e78904c

SHA512
f16a62f89c579e2a416fc20e8c10718929927cc87f7291613dbc588fcc9ccf4c5f75615b16801b15e82b3383d64d0252fbcb8fac5609c0240f127d2b8abdb049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa5a7fcc1a021396ba25585446d4c8a8

SHA1
1006d17472f35e6161bf2e748b41ef4ffd8fd3ce

SHA256
e519639c13e6a54df66112950f30b17bd944d59f496f6991bf6411d596bbc7e6

SHA512
88a05dd4923f97a8f517b5e43f890d16b38afb2815fcfd97e31f9f5349f8db60d560d5a04731124f8133f45ab1f17623706085b1c52b4be0e4033ad8e1d90d3b

Download Submit