779172787ec84f87207f6c3f118b044b216a2cfe87c28dcf0de0510cdb9da36a

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e13e8e1e29aeedbbb8694c7538a3b57b_JaffaCakes118.html
Size

48KB
MD5

e13e8e1e29aeedbbb8694c7538a3b57b
SHA1

1a1360a6bbd44103810d9e87a963b6ac2afac2ee
SHA256

779172787ec84f87207f6c3f118b044b216a2cfe87c28dcf0de0510cdb9da36a
SHA512

bbbf722a04149308cf305815257e4c5330a1695ee7c25fc71c6d00f0500ec60ec6818599932c3ffdad510aa4c62c3abfac641cecfde5d11ce74188cc12e29176
SSDEEP

1536:SS2Pvr5JlWzSzczVzhzezmzAzaVz3zrzhzzzXz1zyzKzGzlz4z/UkhBjc1VTRsbe:SS0chJYF2u

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4476	msedge.exe
4476	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4680	4476	msedge.exe	83
PID 4476 wrote to memory of 4680	4476	msedge.exe	83
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4028	4476	msedge.exe	84
PID 4476 wrote to memory of 4808	4476	msedge.exe	85
PID 4476 wrote to memory of 4808	4476	msedge.exe	85
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86
PID 4476 wrote to memory of 2400	4476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e13e8e1e29aeedbbb8694c7538a3b57b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe661546f8,0x7ffe66154708,0x7ffe66154718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18412215489282729939,10703295263965435578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
26499302ae1f310c07d920bb507d0fa5

SHA1
170a742a153816d093f0898d730124aa390aacc3

SHA256
f19b6cc95f063aee4f9550c37110749a98c972016541bec5a6409dec4ea936a7

SHA512
cfa188128280d62a0689f83f79ce29e5af18a668be53866eff748b33c44b12e34252b1c91c4bcf0414c309a0ff235033cef8e58d040c58fd26968692d9bd54ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f7e868f5885760972e5c572fcfd3dbf8

SHA1
4a305b6f82d0ad5cdc87e4969f87766477ffda0d

SHA256
d819cb67bb3e6ae0daf5869f5872e185b5d696e9fed54582a8497bc52b2d28a8

SHA512
b5a08a1f3031ad1ad7f9b5e498681cbf1151d54e5be3020c621778df328f29bf2e3deb6b88b974acadb8f2a4fbfca1ccb2fa9a843fdaf1fd80f9ff7c792b9df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28329804c2a25ce1beaf1fc51008d395

SHA1
8b5176132ed387e97334507dc017efd3c54b967d

SHA256
a5affc86ebfe0101afa140a474b9d87e1aac519d358ed909bdce14fbee100063

SHA512
752dd06e06a1be53e108856cd4d2dbc07d28c16ffef2e3ff768d5e806fc70e7df5d6c202bcda0c8d72865009c5623d916d6dafc5411e13d6f9f8ce3ef59f0d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06ec0b32d3f627936963a5d65fd2b1d2

SHA1
6e8c569185ef5e030fdaa8a92a881861cedab421

SHA256
1de2a7399845fc0e54777947e89578ec9b54906b92d82ef48dffbb86370135f2

SHA512
abada55aedaa390c47ca73b5b29ac2cc0ccf9d81558574d4fbb4d6981146bb12d894bc52e9af26f4099b49138c030e628d14d271c02ed5c0bfab93ae45d89f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b5637e8d9ede63f81c0afe01584d317

SHA1
8b8483b84ad593182478dc22098803af32913b4d

SHA256
980b98f98e9bb3170fee1335f985d73e51eaf907171eae9b57d04d140702f853

SHA512
1c20b73867d2ef2e79812cff4ccf11ebb35fe7a13735414172ea403bd4bd583260cdbd454eacfcfd620b22882470c9063884365b3ae73830d40b332a20df4ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e41cb9f48a7ddb469f82a322fa88a351

SHA1
6d7aca263c580cb3602f0310ac84dfbf7f9771ea

SHA256
eb22743ed9c723929e0ce24ce1875747af26c496505d13c6f6bea96e418e0534

SHA512
d78b128acad436b244467a4c603548585924fc33852e3ced4935e359fabc8d7cde908d54bd0151bed3635b170591ef6dd368c05c1274e21d2052c7bd4f4cc7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595aa9.TMP

Filesize
538B

MD5
7857d305abce9dafbecdb3775e6ff3a0

SHA1
9ff219a17611c717a5571c57d3022770aed9941a

SHA256
39d151c834037ad061436604d8a56934790a0b8aaf56ada882aa460d35f27097

SHA512
e60ae66f527bf62827558e585ce7e5e1f74df92f78885dc45ccc426651dbd2e7684d3d2f238ecc8ca03be15f880e3ca99dcb50a1ccaf35e8f9708ed019417529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa3665da192149355d9f882adcd99bf7

SHA1
7150c360a97bf5f95ee5f756b0e02355f6d7c391

SHA256
b7b60578ebe094c1159733013ef23e1757ce6ab546752c40c15b27cf11beeabb

SHA512
daae49b43da69265a94e7b9d33123a775690ed0974e17dc409d830dc9d81fa4878d8bc91866ef5d862666755068ab76bd00e2f0b9165434ccffeb0c68b258b82

Download Submit