b9e6362e7f37b96331ab2ecfc004040b6f3fa276afe4ee25e70cd791a81962ef

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cef842e977595b60821c166a6261cda1_JaffaCakes118.html
Size

128KB
MD5

cef842e977595b60821c166a6261cda1
SHA1

1c5555095fe2f925bb6ac6204251078a16adcd14
SHA256

b9e6362e7f37b96331ab2ecfc004040b6f3fa276afe4ee25e70cd791a81962ef
SHA512

1611c640cb193ff3fec3677beb7750484b8915a121a9c3a0b4b495e4089e7c5e1ccee3b8101a77f77d52c23f9f2ba3024bd1159be8be187d7b40fcf32a10ac2d
SSDEEP

3072:o12mqdSkpB240oRXfi1t8aNN4OJEV6kcj4//9fP:o18XB240oRXfi1t8aNN4OJEF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
3736	msedge.exe
3736	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 832	3736	msedge.exe	83
PID 3736 wrote to memory of 832	3736	msedge.exe	83
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 2084	3736	msedge.exe	84
PID 3736 wrote to memory of 4952	3736	msedge.exe	85
PID 3736 wrote to memory of 4952	3736	msedge.exe	85
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86
PID 3736 wrote to memory of 3296	3736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cef842e977595b60821c166a6261cda1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11529683621547870008,13100528121995343685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e02b7ad43f58244196592433ed74da97

SHA1
034ad9fca5de418667bb84e19f81300bed4f38bc

SHA256
66e691f02b25f5c92d2f81e70fd7b75e21099afb096b4f37e0d92809f2dc78b1

SHA512
74a22fc6638b8d6a83d98f6caa1d6c79a211fa813f0fe5ed9bafd35847315a437efa4530b66e51d049dec3446b942256ae3344d3b3e5049e470a269623aeae5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
79d2c142aa7c9eace2bec27ed5a890df

SHA1
aae5db2b2fec31d303e452aadf03543c0fc73c6b

SHA256
d81459aaa782b22cc70c33798288b660ae6db163105106bdac1e07ea302266de

SHA512
7c07c7e9b0eda18255f5cff6f3b5762292b3acfc857e4521a2c3615cc8ba80532b8ab1d95e17cb8b8e0848f11e8656d6b12368b6cd83066c7a4d42af040bda66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fc4e09266caf0f2b2a0165acbf4e8e2c

SHA1
52cb9b410166dca4f7ffd134396c9082440765a0

SHA256
70710563e69a49444f077aed983ffbd7392ceae7ce2555f7291383423702300f

SHA512
f0c7421b02e0fc02c9d8fc2d079ab610c878158344419643af761907d217e8d8fa54a8a8fcd97acde07a9e84a2e57bf69d1f4167c2b214a3f676d1ebea8ebbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a473e265ac3cf7067b471946fa2f4512

SHA1
cac093ba1d15a8ecd00e780cc94b0bf8747ceae3

SHA256
d8295f23f796da657ee0e4f2f6b972e481340444f0b5d3e713fd182d3bf7614b

SHA512
007ade0d4bb074bb363db5eaeb2b40592029e63f444b9748714f6e64ca6021c873a36a5e25435c0afa2134e2510ef0ce61b1a97d0fc093c0ed951d624fafa9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3eb7962c851bf168dcfdf7042386507

SHA1
0e94387d486348825868b7b801d2da4718d59817

SHA256
81d26cd2779c9ad223bec5c0b9175f6fcbd05be833aa628d0e8123e947147009

SHA512
08378bef37a61cb23a7d14b97843ec5512a1c5417ff7bfb68635d7c76f81192d9bfdfd62f0c693202d9ad1488d82e72e6af677170914de7116f2f84641212ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6207fbf73df8ee4f630c58c075f9d2f

SHA1
167dd425e42eff48b21eebd10aeabe8f20796537

SHA256
b1013f398c503b1926f5f6f1c680c18487373c7652ba423753ada933b7678b80

SHA512
e15c40a4e5f9e72a23a0eb119e34aabf1913e4fc5f6ea7ae877fc565069c918742b761167224cb4aa290c26d2073146811e798f56729a15a6f32e3951db95b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ae809e6847923a4a8b2acde9a627fc0e

SHA1
d72087d9a46f4c23f9832d2c2d8d878d7a8f9632

SHA256
78ca1b65cf29fea91a4f4aadcee816088666822f808ee9d01376d26deb440a0f

SHA512
d2aaf91a8624e2ef526aa28b15d7e4ac92dde7030cebe40e8bc4fa1d421acecb8411fdaeb05d2af9e8b75c6253d663e038c16d767eade8ce1db248815e03dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
287f1046b25182e2f3a9e3361e8659d2

SHA1
3818fac9309716bff5c7735722eb3820216dc4c2

SHA256
dbf13f4246b96d0b9060980654bc16f579b9bb7eae3c97d6ef40539ce3e04631

SHA512
17e77f01ce21cd10ab95b2c2017fe01fd44fa4c28c8131fe0ddd70969c19e3f5dc50bb4df396162e2fd35cbe31201b7a9acbf107bfbb9ef529bd5a19a1e5bb45

Download Submit