05969db022b9cfa21530faf775031df3d93ab0fed19395d4d3d6ae6f86538194

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 00:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db879e66c589ce2adbe8241f47e830e2_JaffaCakes118.html
Size

44KB
MD5

db879e66c589ce2adbe8241f47e830e2
SHA1

3c83ff4697047ccabc00e3e04322223428f63b36
SHA256

05969db022b9cfa21530faf775031df3d93ab0fed19395d4d3d6ae6f86538194
SHA512

2f96b84c68877a6ec351aac2114856c23f2c63c8cf16b413947ba48c0af49d3b1fa00e7a484a719156ad3db1c763052a40913c7f286870ffea938b46a5cec563
SSDEEP

768:ToCCjdz5+dcpiieUu1EgBWKW82O7LYCirBLnj8xmA2SR9:TIjxQdcpGUu1EgB5r1cCiuxm6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{59DB0198-7D61-431F-9F4D-B02A37631DED}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
4836	msedge.exe
4836	msedge.exe
1668	msedge.exe
1668	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3128	4836	msedge.exe	85
PID 4836 wrote to memory of 3128	4836	msedge.exe	85
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 2188	4836	msedge.exe	86
PID 4836 wrote to memory of 3548	4836	msedge.exe	87
PID 4836 wrote to memory of 3548	4836	msedge.exe	87
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88
PID 4836 wrote to memory of 1216	4836	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\db879e66c589ce2adbe8241f47e830e2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcac46f8,0x7fffdcac4708,0x7fffdcac4718
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,352573075237545361,1979557051726769230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
63063eac880c155d0afdd2aff86ecf6d

SHA1
5f15bdf6037ba64f5e217670a1263c7389757519

SHA256
6bbd0729f604855e468ea8a02eecfaac9507a9fd67e55a6dbedc9ec7a6b05d44

SHA512
d506868eb6ab31a1b09b95f12fb05fb77fc7122a1f802bf72d22b1d6deffe1161c5fc109d2c86e34d1a24d8ccab5349bb2b8ede08662611b94e43ce29c7f9f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb8d46e10360c73cd1f85d9fecdb1d02

SHA1
9b3ea51b2209abd69ca44172a6becaacc0d9617a

SHA256
fdc73fce9a89ac776ec94f6bc0170a6ed7fde15c4853954f1ed21f78faf6605f

SHA512
9f3daba8dba1bc24f95a83567c78f9b7b58be76c36651cab876f21b505389351b43ab7746932c8c5578dbcbed7038e3a747b970f3b30046e0ae7c2604a22170b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1384351d15877b9ffdc2e025ee67fa17

SHA1
c0325943e84be25b106f10327f5f873b9086b413

SHA256
05469eaf1fa43c90c719c17c4e9823486f8ef19c82c09b40af84092525de1bfc

SHA512
5d9f3c34c740425c34b70979a9f9ad8f33ca82ee3e15a13f7782224966c6efe21caef581ca8a3301b4fbdca8242b66ded29d7387ccc910ae95d668392a259e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f81e75e8f34b0f48361bf0cca745a529

SHA1
ee25c9868df256b9e9f2d58852abaa17d9b82c16

SHA256
fc171bf74011a9991692c110039f24394b4143b0318a33bd8e191a94f71ca2e6

SHA512
de57fae50b889141d84472e5d3249b946e95f356f718e91df2a023bb015b2533e6484495b3249e32db80a6bbb50ea97cac4748be2ca68ea3a31dd8bc45048118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d5b2021f51873395909f86efb94043cd

SHA1
c903d220396b498685ef441d2860089defd4bff8

SHA256
059c2c944d7ae26c7be9aea56a607086b47877330fab01fe619a06ccf3b7366d

SHA512
9b3f0d6cb797ec4e3cef640966f88c11b0d559d1eabc2cc144868e61bcd3655315031bffffdfbb6d4eda549e76cda403ad38ea16b915da2638aab68a6282c61f

Download Submit