94eec0024832ff3db5b4ceef2c51a1c89aa9813482476708496cac01cf5b72b0

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c962012a811f8f7c7b09e52f5ccd90a1_JaffaCakes118.html
Size

100KB
MD5

c962012a811f8f7c7b09e52f5ccd90a1
SHA1

565d5452e57f3ef6b9910ec54d457aab1f613ecd
SHA256

94eec0024832ff3db5b4ceef2c51a1c89aa9813482476708496cac01cf5b72b0
SHA512

7b584b12efec9bd68c137e322adae0f8c710c4f1512f75024ba9807c5d2d1a1c618b514a430d7332feaaf10a819d36fc72a72aac9b182eecfce3b3bd6f51ffd8
SSDEEP

3072:NylRHhJoFt9Y9reM5fmj1t8KNEKcZFxSaN+WqB7DkBA0:NylRHZ9iM5fm5t8KNEKcZFxSaNn

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
3500	msedge.exe
3500	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 4932	3500	msedge.exe	84
PID 3500 wrote to memory of 4932	3500	msedge.exe	84
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 2540	3500	msedge.exe	85
PID 3500 wrote to memory of 968	3500	msedge.exe	86
PID 3500 wrote to memory of 968	3500	msedge.exe	86
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87
PID 3500 wrote to memory of 2024	3500	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c962012a811f8f7c7b09e52f5ccd90a1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbc5046f8,0x7fffbc504708,0x7fffbc504718
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,8460207384298172175,12480359126303667188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bbfb1571ce39b4f1e765bad136fcc5c6

SHA1
0366c5b7ec9b811dafcf293593bf618e97271eca

SHA256
e0e91ad758516467bf0ea670409354ccbb2757708912f57fd8062339a813a608

SHA512
7b0f2e63c68e547537088812b85983254d0bf764e984bcf1a1fd49b73efea48b39dd5395825cd74063f651c55fb4b9b7ab29ac1cc0d9cb8e3be0f6af4058c8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
588fd71b0767a6b2731d8227bc6931dd

SHA1
956225f8b9e3ae46a61465ca3365f29759804e6e

SHA256
1d47a727ace6643c45373b42d1d761e7d29c02d92fadf64c759c8cd6bc1ca546

SHA512
7634e1585703a584b99b0685e9bd204dbadedea7bebdf23960acfd34b7f7342b6e3299e04a5f17a0c20caf8271e92638b1ff40261fef3fbb25e580e29b7ebe80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c74b0fcac04bdc1ca75f9519e01d054

SHA1
80210821e897cf899eafac7c9cfd5a1d17ecb10d

SHA256
16d2bf70d94306ce2e684da55ffee447c2590b1e8bcce16f1f08a42b49b98a69

SHA512
53c3d75c1ac46d1bd825ed80054bc32be2dce548ce70b42ae37ddaa1234bdfdc04a3b0021ed91bdd6e67e78e5bb46665178503f426977b70cf6c1a7e2ee10088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b20a4a917a6ecffda1705b4f01fc0e7

SHA1
d748fdd644044de963e1203af6d53c7019661f2f

SHA256
8ca6c04d7be91b0539c3b248059dc633e754262b0170f48f90f4da83b3df7583

SHA512
f38079a806c467650b80168462e00750c543907235a327dd368768721826dcce819dc7301e0475ebe2ef4a6213b8b54db96d1b5a7423b534128bff263a87af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74b742f26c911556f859cb76c822b32c

SHA1
bef132aa1803672e4f7ef062f24ff766d88c1fd5

SHA256
08470c20f2e4d044104be4158701c69c358fad316ca31cc3ff76e1f7743975a1

SHA512
e847f1b729017c71127cfb366430602c424ba073acde2c91e45d64b67cfebc9e7a697af85ab9b3a9f91021088630269181fb0c4248b801ef870b23301365565f

Download Submit