db4a33fbe11a8cb643c028e93b64591aba2d6cc37dc19521df2ddb3561ee6d54

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d654ba8a96c86e9e0207e92b36384859_JaffaCakes118.html
Size

47KB
MD5

d654ba8a96c86e9e0207e92b36384859
SHA1

404f2ac31571baeaebd239692ee952b85148ea63
SHA256

db4a33fbe11a8cb643c028e93b64591aba2d6cc37dc19521df2ddb3561ee6d54
SHA512

d574d8491512fd99516a4ca4eec982844a6efdfaa78a8550bcc689b4a93937da30083b071756d2007bb2e5e3d73cf52122196ce5f4f906b174230e62c2bc13fb
SSDEEP

768:xeP+yUbVLS6dpBagHw8p8IKet2d2A2g2K2JjCHaJ/RHR2KjCgBeJWl9vEPu75JzK:s+HbVLSmpBaGvp8INt2d2A2g2K2JjCH3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4996	msedge.exe
4996	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 528	4996	msedge.exe	83
PID 4996 wrote to memory of 528	4996	msedge.exe	83
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 336	4996	msedge.exe	84
PID 4996 wrote to memory of 4660	4996	msedge.exe	85
PID 4996 wrote to memory of 4660	4996	msedge.exe	85
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86
PID 4996 wrote to memory of 2332	4996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d654ba8a96c86e9e0207e92b36384859_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97c7046f8,0x7ff97c704708,0x7ff97c704718
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7129392249171614335,17427824893098067192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dd844595e0286f5788d929365118af6e

SHA1
88913bd4e789a2a5603666ae17d8559acbfad7ec

SHA256
c2d5bb385b9ef5eb3582dee41cbcd58144274189d6a5473c74d70e5d5ba778e2

SHA512
e91eac76cd21fd802c638e3b7d3862a1367c8f720c14b140d770151feb570b0bfa94bbe282ae066e30f6c227ee9fd385fefe13da75f9b5b341a67408d784c6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b7ac1a34b242724ea24876e58622e2db

SHA1
201f4ec8957cd0b42af7befa6372d15a9efcf990

SHA256
f54242e84a4acb3200034060e1b52a76cd8314cdcc6d5c01044cc24502ff0f06

SHA512
ea2f2149244c42a130e5287e8c422d0ae6322e1bf91499adbb2d09aaba4287cfad090926c08ab6e5fc052ce600de2301dc46413e43f7a325e18c569af80c3c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1f44e5aa62428a7120cc0f787dc0afdf

SHA1
6d153d33efd2e6a6638c681c95d1210356efb70c

SHA256
13e630601641aa727c0e5351875447544e1afe3eb39c405dda11dc5fe876b6e8

SHA512
522f5e0b942ebceafd3a47d95631ee198ab775066cdaa59137ece7d4647bedc44714be9da4de360c8032d86e5a8e53afdc10e1d9dbd87bce4cbe30d42589b5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c29609ab583f87411529befd44167b55

SHA1
60a433c6596554270d65089553e954ddaf4786f9

SHA256
76175c8c17814cee84c0d601b22379f014f6e7c18964c424ba590b5d87295d74

SHA512
cdf6295440742082bddd4ec6d8fbc56723bfe87cb146d43bcdc5ecd2d9f88e3bae196c78650b23fda698da4606afcfd8f9fb0aa2a08261c39ef05172f1d73bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a90fca67be89e8e3388ac68d77c904d

SHA1
286e714e0d19c7c84a9b468ea250524c55543fed

SHA256
8261d8ae802055fcb9804322ff56d057c656e42c4920e4f2cd9806fe086a97b5

SHA512
2a5121ae16b76ef4bffb065291602f9297a5de64847430101d1d9dd5e91b5751bc7a1813557a37d509bef07b2b89cf9eb34b31eac33ec54e895ac72c9745cae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36fb95ac04c4bcce532f27b5bcdf44cf

SHA1
537c829a575f1ff8924f84a3d46998a731196dbf

SHA256
03c449894c2fcade479aa0a13f44f7b246cf67bd80a922f2138299f4fc858779

SHA512
4a2a26df512228d0144ed8e486fb46ac709774f9324f6b361de4692c13f05be62682873a298c5a04c369609e08399c69a5567c393eacde5e7af56d0ec8aa3fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
989fdc735f3ba852fc899ec67a9ee183

SHA1
592aba432b45da265fbd1d455037b8d0e2aa8d87

SHA256
dc49620045a29f1cfe792f863cb4a81230ea261551f0cbba817fd08917d61aaa

SHA512
997b59b5a67b0d41a34baa4fdfa63c03622e7005e466799f20d153f70d421e3af2a9f8e2afd4467c9b2afb17499db7611605594b00d31debf924cb998b74c3a7

Download Submit