79caf84ec5376d3b539983147196b3340e73f9f904ffd529ce4ac1fe031ffafc

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 02:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d35b75e68b09d5b0cab427a2242199d0_JaffaCakes118.html
Size

90KB
MD5

d35b75e68b09d5b0cab427a2242199d0
SHA1

ffa1a8e1906f8085f4a591c4f305482aba4f2cb1
SHA256

79caf84ec5376d3b539983147196b3340e73f9f904ffd529ce4ac1fe031ffafc
SHA512

34538934967211bf134563057f467786cfa65f20e1dbf206412b8915b07d4ab2906a0ff45128ba739b7ecc3040d5f3d1e5b7a37f30872ad8fd0adf5a7e5ddc04
SSDEEP

1536:6/gkclBKXcI0IWGWOG3Th3y7EXBruxqBw+cygp4C:6/gkclQEIWGWOG3Th3wG3w+cygp4C

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3280	msedge.exe
3280	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 2724	3280	msedge.exe	83
PID 3280 wrote to memory of 2724	3280	msedge.exe	83
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 376	3280	msedge.exe	84
PID 3280 wrote to memory of 3864	3280	msedge.exe	85
PID 3280 wrote to memory of 3864	3280	msedge.exe	85
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86
PID 3280 wrote to memory of 3632	3280	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d35b75e68b09d5b0cab427a2242199d0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb6b846f8,0x7ffbb6b84708,0x7ffbb6b84718
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14412532293330154579,14693529237246591267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5b445adbaad6aa9b1acd0b3cc5232453

SHA1
2b0cf9111ce4495123ca4bd7f22e39eb3bf90055

SHA256
976f66f1eae8d04f987524cea23d6b4d9ad1dc893612cd3af03f1b131ba47a43

SHA512
0219078a10b9b9af0dfd9550a7d8b97dc5e684175a8b61f1141c1c9005ce316264747c2907e3b30adaf1229397d9c865ba4e2b3c460423d00a21db02b5e3e9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
26d9d6ae25984e71e75a9d82e8025ed0

SHA1
68d6e397e7925f23681ea7501827d7fc037f0d68

SHA256
905a0ed74da7c749b0ae53108ea654f6b6bf046f780f83469b58d830ceaf32ab

SHA512
34c95a19c9e654f7c1800eeb9fc46ea3a5ce47713abbb3a8233f78c1ae958b269354c29d914c75dae2b06012a0791f9ad5d88eb63dd98863f4565a9d64ba19d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5237953673d34d5506acbca137ea262c

SHA1
29cbe91a7d9762ffa766c844617373b578664afa

SHA256
0fd659ceda6f2a1eff24c94049395f00f750c858ce72bbf38b60380b0fe08dc6

SHA512
360bb3086e18cfe1356d426e812b656e935b8ba3d0611cb6fa0d196921449fdbf91a459bf79b94bb63b1a9cef0c361c3cea1307176c175621670f0c4625d15d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88d4c08d0b95c6c0c1e4ec6f5598d216

SHA1
2c34f32bbc518889ded2ae9b3eaa41cb593b108e

SHA256
63e726163dc1feac5404f25f13f8b0819d26dee4ed4110b88808e8fedc23a1a7

SHA512
abab6fb5d466057a1ed1b292b840383e4e2293bd39c6677343a9ae7fe2b8e34cb631d678fe919fdfe6ac277912df93d5fe113e74a185f889192fb77791d1235e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b75f29d1c54310eb54aacbdbbe02e4e5

SHA1
92f0505f571bd5df9234f4291124a2da648ed566

SHA256
f49fbcec311c6c7b5601249d8ee227ddd75439fae2fb7a679a80dce5d03b5619

SHA512
6c5074c49b5a6ccf8ac911c62b06ba379ace792d2d1a2621f04d7d5d7f60ed8e99a87898d9000a340d1eea9b700f92577e97a18b36a9bf3c9822ab5648929d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b317529918916096629f22692a5d3685

SHA1
1c9399c7a9c5664c7d0a4406a62341c96ae5c969

SHA256
e092e2be70898bee1df310fb72a34cc3d235c04b57c7b0ad82c66308acf02295

SHA512
1a7f56675247259970a30cf8badaa52fea76e0998af48035e9adaec6e5a8a301bae4fce36ca7c58b169fef5b39749d58939073826bc50306f771419d6b4e37bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
447380974022e6fa1e6f20096e540d6a

SHA1
52caec36c784db9edece36fffa65b3e3fc10e2e5

SHA256
0031c282d39842e322b17003e7bf20c638944c1204575ea93a44ca1bbe74843c

SHA512
1270ffb2a8ff7aab4beaea1fa4cce9c334c0d179fadfaa43b0cf59bef76acb66a9402d402e85ee75902ac7ec90a95398e53c5403980f93c2e1e8ad43e45a51e9

Download Submit