a4d03d28a1c2d7c8ff20329598272ad7124bb76b241ac75e39b7dae1f23c8b6d

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf6fe5b6141dff7a21c2bd2b649a74fa_JaffaCakes118.html
Size

143KB
MD5

cf6fe5b6141dff7a21c2bd2b649a74fa
SHA1

aeceee95ddf2f57f8858ed2c2929ff0a99991ca1
SHA256

a4d03d28a1c2d7c8ff20329598272ad7124bb76b241ac75e39b7dae1f23c8b6d
SHA512

3d531fbc83957bf970f8f79dabff3c1d912e05f0ef39d4a3238e8a02722b83a4c26ba1f5081978952f7071d9b9923ff07ae11140c385bceadfbc0cd514344f64
SSDEEP

3072:xkcloKU5IF+FRFm9TtoPOmcIiQ7GmjQ9tMDRWvhl:xkclfF+FRgthl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
388	msedge.exe
388	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 3328	388	msedge.exe	83
PID 388 wrote to memory of 3328	388	msedge.exe	83
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 1432	388	msedge.exe	84
PID 388 wrote to memory of 4708	388	msedge.exe	85
PID 388 wrote to memory of 4708	388	msedge.exe	85
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86
PID 388 wrote to memory of 1072	388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf6fe5b6141dff7a21c2bd2b649a74fa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9775846f8,0x7ff977584708,0x7ff977584718
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15930187001943790350,8092115207985032995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
c0c14e6fd9e777eaac5906305650ae24

SHA1
c27ad393a10c141d1ec4e16721e80ee3feba145f

SHA256
d5a0325b3691d67e319e702f41fe6b076355d456e184e3b32fb37c305aca67d6

SHA512
7f3cd5517eebe86c81e78b1a9f85d7fb5bbfffe561e6bd66ad84f32a521c65cc5c1969f7d9e7bc5922d36f41f12ed738995c203a4c73b11d8abd8e176d12320f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5291968da6ceb0e5fc5071d952cbd7ce

SHA1
87b09124d7c3f157cb8fb352391ff263aedb049c

SHA256
8b83f90b6aa4e2450ff631a04cf1274ba33f92d444201f8fd1b4d8c2c78a2bbb

SHA512
52686691b09e6c0c38191155c5c46c7350d8e4e0de296ba551a97de7b0fdd7bb9b06a74f1c11260f1d785a001b65f755360b55be0711431012ffe60b4362cbf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
917ca8e221d5e2f0c3cfcd0bbf191a35

SHA1
5f7af4ec7ac2b34a9cae2c7611cf4c84869611aa

SHA256
c110234e9a7d118a60016bf7aa504f30cdf99c65e008b707897add8d27dfe542

SHA512
f9de492e81d2240051e59e1659f5b39ace8c1e90ef00d880fc607047d88e4ddc9547dff2b3803b49e3eec6b93f9a4438f3cc8f148c0a5230c71fa2e1d5685a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
365ce85fe984c8c7d0a194d1e9201e8c

SHA1
65a3bc3d6984f86cb9aa367934036f88c6461ca1

SHA256
8613884b91afd7000db5ca93745aa5d128fbf1c9a85ad347d4f0894552848ff6

SHA512
9959eea523d14b49e94ab6150436d9b6cddd09caf911f629d1fc1c8ac443c62686cfa344401140bacc5737a95fd35268eac4b6774c49aa7e78be912d9985d583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2c3117671f442c0a3e0e773fdc78d324

SHA1
d1f224193380eb3ec7c7aa7c8224f6fdcd56501e

SHA256
f5a0c2bac03d12568ced3e3e59880616c7b21d528c9d078ce6302d31b2b9edbd

SHA512
c925f20a1cc76999caa327ad32f626cb12a1c20e6d2667c71e416d17922d075eea9a6f61e845594464eba89c6b9d8b7554a39318a8a867677f9dbd3c1b32ffe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7bbf90f92c547408b45e143991f46174

SHA1
45585235012c8717c7d19569720d14d32d2cb306

SHA256
ea18ac86fa42016bca56daba6bf6f4cb53f108679fe592bd0d62080d3fff8bfa

SHA512
75ba19da669aff21560988e70c8587fc9c60e5e4a26485b191b1c96f6ca63ea2fd469c8501066f18fbdf4267d468c5fac7ccf8232cd61ed505e0e9f1a233e588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03da2fa362e32f239648f734535c02a8

SHA1
5c585f52e26598e059255a66a7ab72d7a8ad2145

SHA256
badbf1a588782b3a9277d4327dc9f70042696be40b213b1c5e4e59d3b6838884

SHA512
851932cdc6e3f7e9c47987dff537ef4b501329a3bc68ff2dc548c7fac3ab0797b88c3c9cf53921431bd9517ea916d0dfa5343af987e4894d8492cacd52ab947c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db786ce27c978d0f17f9ab952a85337b

SHA1
6eefdea996f696f8811a454cdb47856b772c889d

SHA256
0bdd263f1b8b655bc55978532f5caef8b250babf2840343b1b749e0ca607ce5d

SHA512
21d16cdffa60ae8786bda40da5c16c824927da11355954c58fc8234d84dc72de348c4dcbf522c73d73a1db92dd8fdd378e7149cd491b1ee33b8696ca050bb7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
73ff40be673e9e105a3183a4189c5ac3

SHA1
79a25c0975ae704df0e8a848cf1b42c16f17cfd5

SHA256
2a2a8ab3078d0126599488c79ceb874392ca9f17747918503a81d93763fa9454

SHA512
d14d2aa7e1d10cbd9c26162a36b724b702e4a78ee373bd49b74b26b9b7abbc3b1d0f905f7ed3265a83db8e938e1f0c10f33f656e24965d87eca985374190acc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585e09.TMP

Filesize
203B

MD5
be6df70a9c08089718d0c0dcfa8b39f5

SHA1
8b5b02422edef706f5f0b8200d0042bb25bc9cb6

SHA256
22111262df11d5cf059a266246a54fbeb58292e8dd86b82d57caa7fc8d982852

SHA512
ea6c8a72ff0be932eef777ae3feb646dd71c884e07fa8d7223ba39e908f32b5b31133cca5f38e43b1c59689402dbc17b71a310e7ba09e960075ca4c17e60ec2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9c540106f0466f98bf39ba1eff90192

SHA1
f0a50a0234fd4b480395613df860e56acee8cc93

SHA256
97cfa43f9080fc82366d663b56ccd150f7e54e1b9e0d327a86c38f2b8e408275

SHA512
e98ad19ac99f77759701f1a6e7c67db74dfd952239df7fe8128aedf67a339a1dbcccc3ceb430c32628eaa69c5a4678755220795d1cee367f3cbb831edf5a517c

Download Submit