83f7bfa82d2f4f954842d20e7254d4bd4f368ff370156b7e5837936e40ac4bd4

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 23:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd349743bdb60b2be1e247a9525f8ab1_JaffaCakes118.html
Size

73KB
MD5

dd349743bdb60b2be1e247a9525f8ab1
SHA1

846898a57559270fb48291c2e68ffa765971968a
SHA256

83f7bfa82d2f4f954842d20e7254d4bd4f368ff370156b7e5837936e40ac4bd4
SHA512

942169046ffa13a38452db06cfc1fb71c86a55f34f16d57e2d8273daa2ea0eaffbe536a29dae9eedc36816e26842c0cd0cac198cfffae52ae4b1bbdb38a262ca
SSDEEP

1536:qZIxUPAFBWnhpjPOpSZTSdU2eVUDDk/UEQ8/NZwkB4uCouJ:qZIx+AinhpjPZZ2dKUEQ8/NZwkB4uCP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2552	msedge.exe
2552	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 1512	2552	msedge.exe	85
PID 2552 wrote to memory of 1512	2552	msedge.exe	85
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 3080	2552	msedge.exe	86
PID 2552 wrote to memory of 2084	2552	msedge.exe	87
PID 2552 wrote to memory of 2084	2552	msedge.exe	87
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88
PID 2552 wrote to memory of 1052	2552	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd349743bdb60b2be1e247a9525f8ab1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb91946f8,0x7ffeb9194708,0x7ffeb9194718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16427804049827985068,1701630503459592356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b7521b676920ee7829b5455713af6a4d

SHA1
f7be86ccb296d87c91f7c259d0d2ca0b690cf589

SHA256
ed0102a2c01ede474e5c90ad894e074feddd786bb14687124bee2b1e4c0b2d97

SHA512
5c4dfa5560ea3c7c70b306091994b88a3908019555c1e4fee7ff31b48015d5cf596eae7ef09399cf6c686e60c09e8475d3e7fdb1428bdc0ca7012e014aea315a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fda478b8b62a53247c64d79d0b0c16bf

SHA1
633fab3553e1ef20102211089a11579048e6b08d

SHA256
45f92255d78ce217127dee190993e3e4e9d0e39eb9a26632ce6b30776e38f946

SHA512
553273c70f0a37951c457cb0549d77d0c36c7741c851d137db65d48888b07a274535c5dfb68ed775f914cb7fa8db3510ab3091b2d31efdc53053347ae4191ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b3175c5c8f17e796640cc38c0fb22c07

SHA1
49acdc7de7faff3357baa5b4be356b73227b83b3

SHA256
6fba240369f63f2c9e49258024488932113954f979e14fa010ac62928b5b44e2

SHA512
44e225d613819b48948546966d0040ad0cd5ec7c2daf640f5d73299993f8c87fc20dd88e472b608ff1bbaf31db197b01d1526cbd640250e7cae2d26110d4d7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e401636d94907aa12b99e528f127cf67

SHA1
86b4048ca82b5b0c852334dad000777fd2914292

SHA256
09cb31aa05cdda7d89f77fc3020ccbca2c766c6e072c86f90c05f235891a8a43

SHA512
68f32f33a6fb7954a98e695f5e7b21d4560b7523b04a565bb1e0fd33438d2f1cc8d4a91ecb1d14a5e71a2d9bc4afeb9084b7d84f223b42b6339c3be024118e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07b082ae8cbd54dad8b4540743f169db

SHA1
9a7ef4efaa54a90ee4afa9d2c7849b1959e099cb

SHA256
bfe48de12e642ae92550ce885b805532f256fa84e2a0216197277e3ff39f0573

SHA512
2861679b244207dc5f6e5a93be6a5bda78e4aca1a32389823212981f941d463c6356c66c39f45b68881d5292a7ebe3b10b0195b67787db166122743064195817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbf308d347fa0ff7b74cca1f444a7ced

SHA1
4c8147840ec9b4c1029775fb224931230adc78fe

SHA256
e209055a9deab94551d6fd52f9e3544831bb6364bcdcd31873db4182790d9202

SHA512
353a550792ccb89ce015de7be7c4bf78f53165b8fdce3a55e84e0a45f65a75bedaef93a4fbc71f4c281b042e1e58139b9505ae74a73a4fe68a58c5c3c7be0562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f79a869acde6aff24a653d7e5be78e25

SHA1
e1530d8f189a3ee0cc8ae6e1050b219fa01821cc

SHA256
91e10515db42ab608011a0fdb2c524ddc6eb5cc178b3ca6fef836ed80b05ff49

SHA512
0fb27f740c1e6361e5fcc82ee8c26c770c5ac210f7e1142f4001e951d9ed761f0d7d990ffb8364f7da0c5ca070b593b23ee32f5ae1429e8742f958b583c03e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11861d326d4eba847c85d5c95d81bce7

SHA1
aab810fa78a48b8966503ad40cb6a4f3d56f93b0

SHA256
01c3c03192d280b7c9f8d82ae147322c459ad9e56478833ed0adb8fcbe5ade56

SHA512
fdc23e15c400fb57e8c9f0bc11f5e56581f43e784d4d3865f77fbb50690b25593c659d487de7d7b1ad1d3cd24cbbc0ab89944eb5dd513d90fedca94dbe86160b

Download Submit