e62d82fa65e9ebd82641105e66a3a7f03cc38320081025e0ad905bc5c1210113

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 01:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

df42d923eed2c67e7e2e6a60ce929617_JaffaCakes118.html
Size

408KB
MD5

df42d923eed2c67e7e2e6a60ce929617
SHA1

4679bbbeda442321fdbe62c8e857c65874f96795
SHA256

e62d82fa65e9ebd82641105e66a3a7f03cc38320081025e0ad905bc5c1210113
SHA512

714e4c629f527acd76db38ac20b49f9907f28a1891aef37b932a859ca06f0cd471aa2f14c6ce6b2f5537715a4784c1b258d3656867dba30bd32632ad43e73b93
SSDEEP

12288:7fzSS0w7RbgE3Q0g1IPt23rl/ZslohtWel8BR:bRbgE3Q0g1IPt23rl/ZslohtdCR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
1436	msedge.exe
1436	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 4900	1436	msedge.exe	83
PID 1436 wrote to memory of 4900	1436	msedge.exe	83
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 2360	1436	msedge.exe	84
PID 1436 wrote to memory of 780	1436	msedge.exe	85
PID 1436 wrote to memory of 780	1436	msedge.exe	85
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86
PID 1436 wrote to memory of 1668	1436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\df42d923eed2c67e7e2e6a60ce929617_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7542455376086444786,12991365157068924299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7832c2cbd734d1113a25a4060ca662e8

SHA1
ca5d693c0b243357eabc2fbaceb39e6869b2ad39

SHA256
1a08915c5ae3f95a355cece42e34f3f946f4e7bb854f013fc88be3991bf70366

SHA512
5ba83923798af9a0716697f08dc94233872049839534eef35d39566171d4934552deb8b9f77d2f0093dba640f895dfe47c87e0fb6fbd9a229645ed8e8e33935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3842b4906f27ef05399c0f827c5d6128

SHA1
5329ce2c838328490aea7117eac20124611d8e6b

SHA256
84f6f954071dfaaae6f55bd5922258f530234dbe06bc168d39289d9cad937deb

SHA512
7fc544e0034b4dabc369def4afa5a9fc9bc2dac47552be372afc7f35ea1aa494b66cbf16367e7f4efc64ccedabf2c1cbb5654bfe9d49d9d536b56237bafa9b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c39efa54183d6d00677272a4372f8ce

SHA1
c8e1f4cf32322e47766649192a26d731ae440754

SHA256
77b5254c7209dd0758eb1f2cb5eb47c4c64b9625b11eaf3e86b3ff7e6c7c3b00

SHA512
61bcd68b775d73f6da87ca0e73c50487dd96591ec3572b943a885a029b7d66f0bf49480c5fd3b2aef20d52c8854e724745f4084ba6fa8c634f9fe6a07f6dceed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9edc105f586ea0c4cfe385ca2bcc1483

SHA1
d51d427bf149be1d4f343867acf4a147ce9a17f2

SHA256
3ac17847df976c8b7e7d5e4466abde562dee928a460d8353f841234a865c4b42

SHA512
84b01aab09777345426a51266c75b27f6251415cd0a726eb140dc18eb30a080c6f5d131779e704e6809233dd77f9d865cfdc2a53e571303d6ad0716123446cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
484f3102a8c6418dc26b8f743fd18e9f

SHA1
a202072626a14dba1d943cda995c82d47ba6900d

SHA256
0b69409e6ef90f3fdfdd817e4348ca40e2a06bf0831a97bc1e6e3736d8d5e3d1

SHA512
689b180fb31ad897ea1e286303c2ca76c0133f30899b8a2d24f010be068883e988cebd1bd65b4d68294f6fda34f78c2fafcd8e6e8b8ad5de13f968e7d8566d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
885fa2edbc35f8cf128b24ed1284af27

SHA1
a18ba34077009ded0640674e8819d6e0926a87a4

SHA256
eaef98e566328f306ad018aacda441c672c9694d884acc1894763489bcb4d962

SHA512
199dfc78485175714d5585adb9cd4990e53586718299aea40c5ecf17c40a10478fbcb08c534e8e63df563a4c34bb6d00de2e3719dd6393731c6a2e0e083d3017

Download Submit