4f028e4c382d281a0336e23b727873e384c83569429011b1f590d402aa17e4ae

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 05:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ddcb8334514e245a6b2153dd48d5f477_JaffaCakes118.html
Size

52KB
MD5

ddcb8334514e245a6b2153dd48d5f477
SHA1

237198311023d11069713ad0ed7645ed9ef691a5
SHA256

4f028e4c382d281a0336e23b727873e384c83569429011b1f590d402aa17e4ae
SHA512

c866873cd189b778604fc57c3d42fca4675108f43f453af996cfc103b5c70f9f18e490b796d283f0864912ac567e24fa9eb5895631ea864f972f6e2f3c04febc
SSDEEP

384:ut31yeItEAjU5lntNTHuaiZq+vSEHZluus:uzKMlnt1ivSOe9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
1780	msedge.exe
1780	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe
4212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 628	1780	msedge.exe	85
PID 1780 wrote to memory of 628	1780	msedge.exe	85
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 4940	1780	msedge.exe	86
PID 1780 wrote to memory of 1092	1780	msedge.exe	87
PID 1780 wrote to memory of 1092	1780	msedge.exe	87
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88
PID 1780 wrote to memory of 3196	1780	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ddcb8334514e245a6b2153dd48d5f477_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969c346f8,0x7ff969c34708,0x7ff969c34718
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14859470241436607875,9085546419778135607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
d06df9020ee00b1d156b5f2af37f8ae8

SHA1
d515159985d32c5364bf5e024d303571595b3998

SHA256
01764bb3492d3ab0a67912b77f79c33cb6fa12ff5b1d43154e52c51dfd35fcf1

SHA512
3c94ffa62e74af04a1d3b483e2636fc28ba3d2c430418b77a07f8a9372c4587f22c2fd6f11aea1c525a97964e045f0de7732985ff87b1fb8471427f453faa67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006916b7507321bd3c4b159b0d13b9df

SHA1
f99595e50ef62a07f5c383ecd53ed0837cbeaf34

SHA256
1171f457b9213ede0e755157e7f5daa53fb49d0f883f1b89ed2abb9c35252b12

SHA512
a63c9a74e885a2073c0b94f90c9909ab6944ff1e89764b7936d5358d8b56898bc2e662de5b0c4ab4ce36cfd80e37c6311bc21eddf2d0972909b3078524342a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53021455fcce3fde3d55189f5b7755d3

SHA1
52c715bea2cb363c8caae607bfca11254aee1fa7

SHA256
8bfc3d77ba065cd04798b854cbc8451f2f73c9eb536856d9a46f25b89849bbea

SHA512
1dcca57c9d17e074742baf2d41a98d3f9b3750dfc2ed831c92b2066105aaf9597a7be4fd3eee402df19abc07d95537ccf9e22e2556d7ac5bfd7edc953f60a1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c77b0d7fc74f8fbe023eeff85ca40db

SHA1
4282c72854a244506fbe241eecd15b673c6b40ee

SHA256
e08f936a30bf5a20561c3fc04fb585d86f527a2272c6584403d60cc7373f5832

SHA512
93b89834c2e2b6bc9e30480bdb74757e4b2f6f2274477ec97e6771241c48e2f1d7ac82122ab97165199d1b25a6ba56d8c0ac18b04ab23ee3a48944f42c9c463d

Download Submit