beb4a020845d5ce41acb454125a6fb94b9407ae075d273c836b6eed0928f4b4d

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfbe7310e79712da03f54580760d42d5_JaffaCakes118.html
Size

523KB
MD5

bfbe7310e79712da03f54580760d42d5
SHA1

e6a8d66d9f414a1658bf446790c6a2ace9ae3495
SHA256

beb4a020845d5ce41acb454125a6fb94b9407ae075d273c836b6eed0928f4b4d
SHA512

5d88a847600cbfbad58c6dc1444abe871187050b44bd20302a5fe5395922b333dfbb996c8ac53d6f0a9faada792301397de093cf3e6b26d1927f171f3d06e9fb
SSDEEP

6144:UnjD5n72tcU3oSgWCVr577M+Tzx8wWSPgWCVr577M+TP3lhlAyQy6J:okcU3fQ5BfQ5BTzK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
4844	msedge.exe
4844	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4324	4844	msedge.exe	83
PID 4844 wrote to memory of 4324	4844	msedge.exe	83
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 960	4844	msedge.exe	84
PID 4844 wrote to memory of 1272	4844	msedge.exe	85
PID 4844 wrote to memory of 1272	4844	msedge.exe	85
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86
PID 4844 wrote to memory of 3964	4844	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bfbe7310e79712da03f54580760d42d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,386019028170303793,15122147097054022709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ec115ce8019c2d55bb6a317b8edd6e5e

SHA1
143228ab37a85368e4b8adbc5f8fe61f92d660d2

SHA256
1d7afd7a3acf93c7dc414498656b80651676c9ff24bdebb97ff67a6dc56382e4

SHA512
4455b7686a40b8a879f04e2272d8fd2017ec383c814c9cdd8b86f303e7557e9eb4a51a5aeba00997e5528db51612c8074d5882a68e66e7ad074a2e3342d5b49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f48c45826c7d828e49d7e2f2a569fc26

SHA1
a9dbd206b45f83a157d290221d9178142c1624e9

SHA256
ff483fa1d36524bd2468f2b7229eb0f9a219dd251aa2970f6cfaed8b94882f0b

SHA512
8b64cc619eae69cf2f2aac2a5b58ce21e8f76c014a74d270fb73699d830e5835e7ffed67b03276cc55c9a690b5fa9904971f6428db62e13920e48e69f785f73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69cd2985a6ca3dca146da956c0501d8e

SHA1
6c114f836c17f4434bc902b82baef0fe8f61cb6a

SHA256
27b92e1d85484797d390487807ddf052dda95898c7912b30fdc81437f79dded8

SHA512
10f957d67b4786c9fd02fe1cd740ddf6fec78e3bae7ed98776aa79d3c0439c8b3c867151e3b0b0b5c1c2329989f843b2e5dc53848faac3ef72a84679472de787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
779860624aa380d51b6ef535f06b6543

SHA1
8292093874f31fa19696e65fe9818af7c2cf0d68

SHA256
f007d186fcdc2a1834fbdc1df84bb2918989ebf8f82f6252dc4671f43d9c9844

SHA512
4af0fdb7bc36d0e7a59f1c54e84876c541bb04b0d61670ca182c09e3cee2c53181078dac9e6ee7ff2fdc5349a9589009f02843413efc943ab48731e006c1b15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
02d0f14316e9b1be22f9243352b206da

SHA1
3095eae1a2f1a8a7d674b413493b4908f52edaf2

SHA256
205be6927b754ae50a6d25ca59d279e4c6fc47dac7f702f976abde1668d285e3

SHA512
f65ac98cd40a600b3d3104626005065179bd6514531fc14eb9d00abd17bfa04facd405d7c83165144b4f51299011b37a3e4b84b77a6da06bcfeffa49d26bf2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c4c48bdbaf6e81bed2966e0ace7b0c31

SHA1
445a861ef770c4d8d97c5230b25121b17e4ee0fc

SHA256
9f96c7c676efe89cbe94b65266b90708db536481860cd632788f37cf5c9833a9

SHA512
3e76ad1f48d8347a9ea7d57f181141356b823405c1d899c927df3552341d1ba728cd73660931aeaf86d0f87befbf724458027e94431a3fb1d0879d3900898697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58559d.TMP

Filesize
371B

MD5
d8dc05bc0de98d4e5b55971ad57a528b

SHA1
3962149326a9b5525612263d25c669275b690780

SHA256
92662bb98c7b318b66cd872e7bddbbfa67ca3adfa88a40542507cecc2cd24dc4

SHA512
af01f50228a3e7461bbd06724806705f7d5a377118474111144a6fdc92d8032a074808bdd99882c581bf2af4ca49f245de143ce89397846d974f8044197abba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69fb417e2a140a32c37be1c5eb630be4

SHA1
fc3d035c56bfa87525c7219bab132ae6c7c06748

SHA256
8e02cc57d1403bc4e408b9069747dba5e01265a80ff3c08f1c0b62d914001e69

SHA512
9124812e81df0f349cae4194e4ce5237bb120ee4e9f46e696c979bcf6467a0d4b49fe897f5b65f10416c15cfc5b8aa2e936e9130f14943b970d6366c26aa9063

Download Submit