17c6048feb90599ccec3c1a30729ea38f51042c65a69342152c0b99aec8889f9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c939eb27b80304d744f2a61a35f4cf6f_JaffaCakes118.html
Size

64KB
MD5

c939eb27b80304d744f2a61a35f4cf6f
SHA1

71227fdb1a441981ddde4dfe6b8a24a08e835879
SHA256

17c6048feb90599ccec3c1a30729ea38f51042c65a69342152c0b99aec8889f9
SHA512

05d2ff518b1aafc27dce769f9a8b88c0c073331f5857960d142038ba62775bf1b4cb1a7e42043d221d3237c2a3540184b7a51be163988acab336589832879b50
SSDEEP

768:ldeOtKU1rXiXZsp7Zwmu4MPdL33cRALiPL4izfZpE:ldeOtKU1RqPdLcRALiP1fZpE

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
2132	msedge.exe
2132	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2144	2132	msedge.exe	86
PID 2132 wrote to memory of 2144	2132	msedge.exe	86
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 4252	2132	msedge.exe	87
PID 2132 wrote to memory of 3444	2132	msedge.exe	88
PID 2132 wrote to memory of 3444	2132	msedge.exe	88
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89
PID 2132 wrote to memory of 4876	2132	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c939eb27b80304d744f2a61a35f4cf6f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16853385325144728265,4919583109468669890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
278KB

MD5
16623e9f7cd802cf093c325c511a739c

SHA1
b364dbd40e67076a03e9d7b061c9b2624d081e31

SHA256
1e7f83052e1e3442c4397ced9555033cd1d3f08444d85960683bcf91c8433cdb

SHA512
44b9d0ed3184fe5f19e650798e6fda22b71a6f316415e08c4ec88af3a4211e9fd335d5f9fc44a070f7b478d7060ae3b665c2d2620bbbce2ea6098bd6826b930c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
72KB

MD5
165aa29f8f7cee61c9c7314520451a4f

SHA1
eed4d8b693c1e498715c985811da1cf08a2d4384

SHA256
ccbd7ed4cde7ec5664fa4d0ca054c0744baae22063cb27cf2ea251d8819083f4

SHA512
1b82bdef532f5fc513a7fb060d92400f7b9f75d0c0fd127f7b08c55af0a39d9f1305a38b641d252ae763600fbdb39e31e558f72c7a89f854c5ca573f94e6d548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
54KB

MD5
8c30d7634a6cc94c50cdc50c92cab07a

SHA1
66c33e5e0b250bb24b75e766f5517111e59a63b8

SHA256
4fc96a2575124684ea6b49ef4d08892948df1fa7fb19fc000b908b65c33564c5

SHA512
8627a2a7a6d2d50760a520cc27a008dc075cdafe8f461bc9442cdec54855850677c45688c8553d39e89353380033753c26ccf1b13f7128fa11593b23d717da3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
27KB

MD5
650bac56875d327ab41f4ebd4c2ac5eb

SHA1
d995a6c21a915007967e68f1cd2db41ad7074f0c

SHA256
3f26a5a4566ecfa2fed83e9e91933a3cde45e6c64ee09cb5db68fcd5112736b7

SHA512
dc600d01f19ded8e1cc1ad7bc04ed1559ce29ddf9b3120f26cfa7a4f86458616876b3f92cfee37213342ebb676238bbf507ea319d5a45603b3fd2cf54f92bdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
128KB

MD5
0047d4b68a8cf5921d366f710db26ea4

SHA1
4bfd41b25679212b56859067c8cfa6e225266bd1

SHA256
1dfdbb441f3c927c8b0bdaab5370b7432ea08fffbbbd6048281f54e07830d7c8

SHA512
b0ff71d3a4b6f271af8448f1ab5ab1c90300f9b07f079b7ecc6e86e1c2c3361f948b47472a420fdfbe2e241ac6e84943bd8e9a66109e1648aa1ff0b6d46710a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
71KB

MD5
357f3c501964d3140959e145be439a6c

SHA1
de960df004b673e7414eb8755adf703178d1274b

SHA256
537856b354a8c28aeb8e66811e63f774a236f86b7ea5bdcdf41ea76b6a225f07

SHA512
a79489623212a939d92e13fac818d35f7a5517e6bad6de3c3a85756ab9a19b9991a0d1c76610e435d5ab49a27ec548f126a9cf650a927f167ebddf331200f60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
b976b651932bfd25b9ddb5b7693d88a7

SHA1
7fcb7cb5c11227f9213b1e08a07d0212209e1432

SHA256
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

SHA512
a241ebdcfaf153d5c2a86761145b2575cbe734b4f416acbfac082ae5c6eb7c706bd6ca3bc286b7e1a0f9e326729252dcb95b776750c4a3a0d81f2aa6258ea39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
27853a3780c1027da99a2bbe56213661

SHA1
2270073ac5f127a5808247c3b0f92af48f5f5599

SHA256
189b7338aafcb245aaa5c4575f233908306f6dd0d301484554c65eb1aaa107cf

SHA512
4350420428fe776b853269378cd020e672a2e5e51c64cb0ec03697c33224b7fa7ac3449274215231e6c9d13f0160300589ba7df6e16975ff3c7fb4835fab0522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9726051515ababdecf789e77284e6a8

SHA1
614c5b3dd0028ed5d34904ba0c411d34c462d12a

SHA256
09af58488fefbd8dc71bbcbc83bf485f0bc0ff55b6efcb225434704710e8964a

SHA512
f492cfdd8ee185010f7293d59211ac5fb38f50ace313969026b13d075fdbe1179f0ebcbb9cb48397943a1d611ce9a5e1e73d417676b7b0568c8062ae1298e4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fffa812ce77b39e9c737cdcb16b85357

SHA1
70c4bc0ca8f2dde56ebd4343e562fbcb050a56c5

SHA256
c7586f7f3d2374af52dd38c533307db6c4f7dfe803679be016882d23eb86f9a7

SHA512
23e43cd1ee06e16a322f35e836130970b964c397037412c43c6828954b7b853ffd1537aed9d4786ae5314a2098d829a3ea87f2966e10e64734e54672d2236433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39be77387f5d137b4a362181855947ec

SHA1
2288354e26681e2927c0b24c1109721326255aff

SHA256
cc4ee98212a6354c9bde83b7ca3c90cda80bc91fbf1376ab3e817504b774eba0

SHA512
23ba549315192121b2e712d27935e97aaa8b04b746a0e90b017066340482a5c57187595fc9c2629082b8c2b908a5d1ed8c8393407fb299ba5532414a2bf46927

Download Submit