93cfda4109b04a530b5951c80001433c19467dbbab8789dc53d479dbc8b4ed67

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df2db1c90d793dd28160ddd8d77245df_JaffaCakes118.html
Size

102KB
MD5

df2db1c90d793dd28160ddd8d77245df
SHA1

b3288748ff5b5ab65289e2d4c72e4d3bf335e22b
SHA256

93cfda4109b04a530b5951c80001433c19467dbbab8789dc53d479dbc8b4ed67
SHA512

c8bb738e2a93bb558554fa7a12c779b385c8acc5b6acd3a9bc6dfd6e80302d6c1ba9f22990269ad137f876c685b3c4ae274dad62046dea33688e06296be80d4d
SSDEEP

768:gb5pHvvCIoguCLJQ+ZiSDxvUMPgeUMreUSLtWarcSBR4jAQEh98Psmnd/4hYsXZ0:gHHv7oguCLFZiQoEq9pFv4UQqg4hRymg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
4568	msedge.exe
4568	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3836	4568	msedge.exe	82
PID 4568 wrote to memory of 3836	4568	msedge.exe	82
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 2252	4568	msedge.exe	83
PID 4568 wrote to memory of 3416	4568	msedge.exe	84
PID 4568 wrote to memory of 3416	4568	msedge.exe	84
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85
PID 4568 wrote to memory of 4852	4568	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\df2db1c90d793dd28160ddd8d77245df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9882847615358263001,13417347628082225294,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
144B

MD5
8fa18afb6c68041123a084bab4e8d9fb

SHA1
c29900d2e755e4b74a2c9c08e171ec4187f1db03

SHA256
86f192d8d8dca75f472a9c6517ecb20e6ab8f8f04381d5859324dee4e5365d82

SHA512
9aa5418e80e461ab8301c055d8f687981fd56c1f3e20bfbf312e4ddb42b1de43fa60c4f05bdcb9e020851cf0eacc03121324d145fbcd4ac9094a834427653cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f1e8172d0009a2309d6dd26e7eb71fad

SHA1
9f1f945cac52cf6322fc11315d97a63a401546fd

SHA256
57ad9cc6c5a54392e3faac4b9ff14d374776d9c5e5bd882d70d1842f870fe787

SHA512
8501ca411f579f5bf5386bdb79f93eac2b48ce81a689659a0e19e43ed2abc43672967b0286cb57acfaab1536c256e150c7b71ae6b7be0d945da1d2246d0d07ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ba5d526331e4be56105c6816483b55e

SHA1
0bb5574f54f08880eabc48a7c812660e9816f5e7

SHA256
0fc89f50cf4b258f20dbd3231ad0c80bd0795bec65209f346e8d1c7a41804469

SHA512
9ddb808e804e7d73a88280c5789173d1c593b6bf70280acd2e39b70b18af9ef3b63596832f5fe605c6890a5c2909525d605ab4fe1ce63c10f588eb376cd4b38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f88e1d482230a6ff2338896d80b99df6

SHA1
2e81e502a884548b081a0a4662b653f1600b0338

SHA256
41e581c3e4697cb3ea308bc4f831b3f45d7ffd2f314fa1e26cc4f5533f23093f

SHA512
5c085e62e7efc6d0fa9c6527bff38487b3afbb4bcebebe131c7ecf58cd0e75c528f4b81cac0002c482803a777de523379d59f4cf23e9b82cc05f6a5657d1456e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b896252cae42acbaa319b4091a4fcb6e

SHA1
79909877158c607dfe3fd06e830d30cf0d82b031

SHA256
7b41e8c21242501de1b68fbb2032e220710ed7c32544d38770bffca7da9d0760

SHA512
11d6c3d93b2932d3f0e39629164af7284598e571557c10017baa54147579431b4b65ce561781700c7df8133b3a2b9ce063f2a93875b4fb062cfe3e29113aa3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c143d3dfa859de8d7370e6c80a804015

SHA1
9e21b7edf0da34fc162c2f23967d4a17156dc3ba

SHA256
8dbe60d7a793af772b40c2cd9143ee200b00c4d613dde2bd16febfc85ebee872

SHA512
74d957234ecb6917006fd8352a6624cb27ee934bc75b1ea3643909223de1ef17d4e4bf7f22e8296d6ab6a3eac8156cb0a3289682730f22994f2922950b4cff1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30961698b6914245e148b10a359567e9

SHA1
a8298ad86224225a2c130182e31674e84963a1cd

SHA256
05083a071f5d4a6859e3d6a27d21ce618ed9baa3b9ddc5a3bdd95a76bdb84d8a

SHA512
03a4300a50cb0976b11b8c52d880f97a987ea19a65ee97ff27a6ba9c9a662082ce417280b4fde5c9cca585874ae842cb263369e49dbb9fca52837f51069b3c14

Download Submit