d577b0d5bd01564b2f498b74abb375995f71e15a2f989adca4436fc52720e532

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 09:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c89a5fc45d204ebe73fdbdee353600b6_JaffaCakes118.html
Size

52KB
MD5

c89a5fc45d204ebe73fdbdee353600b6
SHA1

72748410a11251c6447847755767862ae97783c2
SHA256

d577b0d5bd01564b2f498b74abb375995f71e15a2f989adca4436fc52720e532
SHA512

da3177b90bc511e3008535dbd0311571249b72752a9255f3f2a3d56b2fa74f68191301546f06e91b9ad494671dd214fc123a7399380383b90cfdcd4e95b0e6b4
SSDEEP

1536:SdVPvg5HWzazqzSzAzFzpzSzCzQzAzYzozczsz9zVzvz0z0zvNU9Qksbnlu1qm5P:Sduh9RZYTt4z

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
4484	msedge.exe
4484	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 2260	4484	msedge.exe	85
PID 4484 wrote to memory of 2260	4484	msedge.exe	85
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 4888	4484	msedge.exe	86
PID 4484 wrote to memory of 116	4484	msedge.exe	87
PID 4484 wrote to memory of 116	4484	msedge.exe	87
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88
PID 4484 wrote to memory of 2816	4484	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c89a5fc45d204ebe73fdbdee353600b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9835546f8,0x7ff983554708,0x7ff983554718
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1780198274730542789,17236208609137254174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\551be444-089a-44b1-b4f6-5a581d70dd39.tmp

Filesize
5KB

MD5
14018513ae0c3add784294aa4c3fbc98

SHA1
1cf4de6e4ecd1673b7e49826fe99b231b16720b5

SHA256
970045146f0d1f8d5d74fbae767ff61a4316cab9e6904ae05a19a9ae0dfddc3f

SHA512
99872556acf7450dd4cd2f13b0e140e04d16a0220f0ddc4473262ec1da963a2c71cdc3439ac3b31d2b4946cd58638f9d9c50b3c521db56337a5e7d3f464793be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e16f68b54523455edbcdba5085218457

SHA1
438314202e22abc353ecbefcfaa52cbcb0febb18

SHA256
7b55dc932082100d3751996cf1136216edfccb9e244555c81f480920b1252b75

SHA512
58e09cf681443480b280fa4cf173c3b7b817f75daad4bfbe885a4d1405ffb3573eaaff65da09a2af3e4a515dea03c5460d85ea063331be6ec5ee67ae9047d17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
704ed11415dd9674299bbb933a004715

SHA1
f972b7c1994fb40b872d7bf7655d5ceae80d52e3

SHA256
07cd8ced6666b8b211f49646c8d2d621c0af5a960e5629168b9cf8cc5ccac513

SHA512
d120f0d913de4e270b684bfd8b44a209c59c3e1eedc679919f27fe38738ce65ad97ecdba0960d17a9a061100cd6a5b605f973fe36413f158adf1a5e739a7f230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a09daf08217217e4b8f55bb2d9a55944

SHA1
28b1ad70f945338f10ffb57e7a8c545e6c11a1b5

SHA256
f5abdc8ea4362c9f55b41edcd0605035a60b3be4ed0f86dc7171de0472b52ad1

SHA512
6e28629bda7e7418ed9021818426d39c6b3bc0e6f378734e4dae2265c8ce35a54ddb48d756c1e4648a98ad3b24f7ba13e1306c96dd852ec32381a14e8ed994d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22feffe1ea4422a6a4e065fca872b75a

SHA1
90ab8b3756b74094684e18518365ba7e45feec2a

SHA256
8bd3c3a1bbe354e4275e72445f466ea5f794d7fc799c24fe556db74969d0968e

SHA512
a0e637f45ac73e9cfafa3d73bb37ace4c0681e6a4e13a8fb4ac68828ccdb52dd807c142f03faf37b28190f26fd719dc61a62858d42fcf69382398a58d81bb8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a55dfd1264edf11034a8a051686f094e

SHA1
d7a75eef15ae6609721e8ae1cf0359592c4bd0b1

SHA256
9ae3ba431963c8d5b8f717f990d0530d21e04e331539ddcc08e22a15b8de4367

SHA512
7d420dbe1abd12165e745ea7f178e47f99d9380b7331758d4d6b2f8636b34597a5c6e304178ca1ec5c965a490ed5a18946d27515bbfecda9d87ee1852b9cb689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a9ec1935b576f52d83aebfafb38fd4fa

SHA1
f275851128c614e4f1f2b7e45fbdf59804b44c54

SHA256
74f298675df7d5b901ebfe10116a2296e2875c79338347582d8183b7e4bfee33

SHA512
4f6cfe5052d45634bf92d04e28ee9b14815c8b11beb516a7a097d7ed02b33b0e08a16bb68f6ff80cc84006e0155e77e5d9c4aff8cfcf468dc87b3fdcaecd75f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
047a0d6ed4191b126b7fbf0a8b9e97ef

SHA1
4378b967676deafd4df60dbda2f6e6a9c3d6d09a

SHA256
4d0ec4c4219237de80731d780ad908f3be40da1acfb14121275302ec0890c85f

SHA512
366c952aaf2e952010803d9bba4c0a351d9aff1bf1eebf12515525d7f8f628735821f8ab457bb6c48d17a7b1117a467bdf3ab76ca3d487c96e8164502dd70e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590054.TMP

Filesize
538B

MD5
27508c525eadb72fc4fee90aec7d86c1

SHA1
9937f0fd83f098a00e80b867625fea5e197ad9af

SHA256
11f872c7cbf78ead852c94b7ae5910bf828c2b8debeeb1efd991cafa93816ef9

SHA512
d567794a65b59290381f13841d4eafa5d5fd38f66f83ef853abf8751b2eea414273990a16aa009fe8378877a9ce996a53ef503399467fc04a63132cf85632a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3bf5f648c2e3c5b16b71b115e788292

SHA1
f6d8b1290b736ee1282c70bc08456642d541372e

SHA256
7e9f3f53d3a08ebc7e908e5fb7a6392be5511d5dc5529cd2e89e2f78f1fd10bf

SHA512
3888ecb28e98f1b627f72cbe4780f05299fec4493314818d8cc592ee43b5fc62976f12bd0fbed48025f786d213ac6086c26b850b0d5acbf3cd39e3042f532440

Download Submit