74f331522cdd12a1304718917dfb2e46afc2a368dcfffa15c06566ed248a681a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d99483b4f834202811086936354c6aec_JaffaCakes118.html
Size

118KB
MD5

d99483b4f834202811086936354c6aec
SHA1

c275ab355012651994fa3b72d320085d46ec8281
SHA256

74f331522cdd12a1304718917dfb2e46afc2a368dcfffa15c06566ed248a681a
SHA512

50d76a2cf7070582f4086eeadb1f11be961f84a6e476feb07cc85562383d744b1c350b82c5c49a298a38431bf132ca04f84f511efd15944f5cba86a1be2ea91a
SSDEEP

3072:9HGpDSnzYZSw5krCO0/V/8rnOL55ShutTkWPxpJM85SWjF/9PcV22wOoS/0Ib+b+:9mpGnzy5krCO0/V/8rnOL55ShutTU22f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
3628	msedge.exe
3628	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 5012	3628	msedge.exe	83
PID 3628 wrote to memory of 5012	3628	msedge.exe	83
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 1876	3628	msedge.exe	84
PID 3628 wrote to memory of 4000	3628	msedge.exe	85
PID 3628 wrote to memory of 4000	3628	msedge.exe	85
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86
PID 3628 wrote to memory of 1860	3628	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d99483b4f834202811086936354c6aec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeda446f8,0x7fffeda44708,0x7fffeda44718
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13154465791750187664,2949467413775141080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9ccfe60fe6af0fadb12d621475c90343

SHA1
23bb9ccb2185ff11ce82e67440b60b055df802fa

SHA256
b8f8e887d3f5358d4e019db135e8f325519efa9497d573c9eab6e294b8998d33

SHA512
f545f51d312d4270648bc4a2a9466901b38376d21479727795027b50ffcf9e15f11389b4905cf5ef7b5c1dc3841fddea369bfae1d1171e3fc0341dd750290985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ac4cbbad47fdd9f78a72549eb885cef9

SHA1
5bcc5084ba55d55cd2b62c00c68b23f1a43fa974

SHA256
d5ed70c67e00a79b66c3926e5890bc219364638018ffc9a05dc6910e24d09915

SHA512
64e27f80b5b99f38fea2ce12dbf28e6f0a97e4db22a3831363b2379b551bb6218cde49a1fa2b7be5698faa3887f6531af9fc8975e995013756cda442fc7a3c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb7b3f1200461009b5d8a991ab42f455

SHA1
c98bdd2fa0d0d788fbdef4e46673f802974112bb

SHA256
fbe93ad983bee79f0549367aac682d6904fd5ad2b44b777842d66226c86b4ab4

SHA512
df4873ebbd794dd5ea7d83ca62bb26d52e2244d6a44ab76db5fa1d145edbafe886301b0222b6a6c353a81a12b51b192d77a2402cc0f6aae2200c858cc8afc097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29d360e384957e970ff885c99d650508

SHA1
8fffe0aaafeaf2c4c03b009dd3571472fe61a6cd

SHA256
31281d2ecf7afa06be4dc85ae565a68dd9448efc39b9a36cdb33d924e6973f49

SHA512
97c3d08af71f948fc2cb744f7963559dcd01e149a647f9a4853f9bf9c95a784fa303695f66ddba27142625bb16683ce11793f5b1ec644d80c24b859d7e160d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ceb169a24f2ba009cbabf0e409661a2

SHA1
eb95c5bd78df344058b387521f22edeaa7b31020

SHA256
7fc386ecde3970cd7dc9248ac8073a1f41c876f0e400ff3b3ffdfe67f0d4190a

SHA512
aaa2e6f3671ae01c3fb4b0f3270de1f44f8d0fc72023db87496d31c3875d77ab314575983acf8100a33146afced5fef4ddd998315adada61f1e0d2b327290de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
85297bc4c943120a375db1d02c122472

SHA1
613e1a0ae4fa7a97155d7c21fdf2b1b42e8306af

SHA256
3086f1d81b0584fac7688c6512791b0eaad5efeba53f1e8da354e8f30859716e

SHA512
2c935ef1e05da5a6ebc8b3cae0236730efaa9e2ddcf8410e27a506639cf00ff7abea77c4c868c0c163ee7292d2a7302b17ec8589e0a8622e18fc786e715b4661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a53f.TMP

Filesize
203B

MD5
8c568cc7d57301fd3e7e126dadeca8a7

SHA1
21afe8a5b3c1b2a026176cf7c20cfa4c7e67cf03

SHA256
c43401ff3c4bcba29cdf8433592d62f7c74805ed1c785be28f04afe50334cba4

SHA512
89e7a66a0e474bef22c54d912a9ecb2ed7a378bbc684d63c6d484dea4bdeaef3e92d63aecd574a6bcf1db208917ab6dd52b43f419006cd440ab59de89326f355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c575f54096689de55d6108b1f0603698

SHA1
46a0e0c770b9b906bb394b19d3f81ede18e7422d

SHA256
4948dabd19742d7895906dda7d960e43d618f5930fd71d8f732b202f194043f9

SHA512
61ab3b6b0d2c19bcc1a571bc9da34556ed393b31a1c655d7cd8dff79bd65cfe3c0b648e9dfc9612cdb43e9464e46ce888aef16a4036c48bfff768666f388fdba

Download Submit