7339825bb1dd2fa42bf1cbbd668fce4dc495f625ed2aab94d77736121510ced1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e026a32d47c3f2df5963b85fb91874a2_JaffaCakes118.html
Size

565KB
MD5

e026a32d47c3f2df5963b85fb91874a2
SHA1

e1eec2d45b763126002960e3e345eed7590a238f
SHA256

7339825bb1dd2fa42bf1cbbd668fce4dc495f625ed2aab94d77736121510ced1
SHA512

d471c335d00669ab38d30b5b0a7bfb783c0f64c4fae086eebfc7c9cc4fdf495d14d8cb6d5b238be2cf82ad2d7eda0228e81b4c280c8f237cd8b1aa4883b03211
SSDEEP

3072:/tdfYuQc05nfEMd+BzY7r3cMXdnXAEJodwKyCZ8J9cM++1:3fYuQj5nfEMd+BzY7r3pl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
1528	msedge.exe
1528	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 5068	1528	msedge.exe	84
PID 1528 wrote to memory of 5068	1528	msedge.exe	84
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 4448	1528	msedge.exe	85
PID 1528 wrote to memory of 3360	1528	msedge.exe	86
PID 1528 wrote to memory of 3360	1528	msedge.exe	86
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87
PID 1528 wrote to memory of 1156	1528	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e026a32d47c3f2df5963b85fb91874a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b4946f8,0x7ff99b494708,0x7ff99b494718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9483398854584734275,4261246949240550293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b98a08cfbf5c70e590a7d3f2a3a858a0

SHA1
61bda24d07e0ab4729b4c4223ea123661f1113fb

SHA256
8785aaa112a6d28aa95dee8434d7f25f71c385a4c0cff7ef66734a5c553263ad

SHA512
b829b79297bcee11dae4ee20f493c5c79db4f1cebd529852f6215c43f62cb7a5e3e80ace0d6f9efd2668065c220536c7b0a57eaac7acc61a3263958b73e7382c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4580826794d0e0f658af8717e8f92ecf

SHA1
820e1bf8a3a4b3559fcfdd767f0bdda474a7c8df

SHA256
9310c866a8004c113ccb3358cb457697bba9bec4695733eb58f9c663cbe327a9

SHA512
db7c91bc105a7464ce1f6c49c3b1b427d97a1141ec9856614ae499a24371f8500e5d81260835cf6b06e412b3d33855c146e5ac843178bfde997a0973deffed83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b7743a6d6e995cab851dd7c7bc4cc7d

SHA1
b054dabca722c50f0fa611a5aaaf7ba32e728246

SHA256
c56809eed3a46fa264c1d0b747eeedac9fdb7b63e8b2a543ff74c88174aefde0

SHA512
df06f4251aba6e6124b57f17ebcfc143349e04f55b57b54e9e3c386c8d1a1ab2365a2e8809fbb8a12a7b3740f57621a4b59f2b2a0c1c7e85b5f30f69cd1c3ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb8832e325adbc06e8a0f33d1cb9c816

SHA1
077341a8e0b2792ef997ce0d09157ba7999f8b7e

SHA256
b913877bbf5bcdafefdddad5d3165debfd0f88292eb313e8ef8d519b29e4b48f

SHA512
c28caea4356646117463746bec57bb2f0894076fd642acc7545f5752b2a62f3050884faebec060a5afed94451ebf737b8b6b20f5fc0bd511391dec6ec1597dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2b7442bcc1c8571f2ac8505e26f9f76

SHA1
44c0c6747141a21d85bf4a0263913cba6820f485

SHA256
14950a3f3887138f7a57d7aaa1dba9aecd3cb5cf0e1534e78b24a8d7957b9a9e

SHA512
63555eb665041b0d3a36fb8a5ccf63585e691a09ac4fdfa1a54de068e1f949b4e87f7735f3d40d828f8a52c28512e1cae925ee2a1ce38ef228542bd4a61ba817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a04558a97e6aa6d03589a4f0c681426d

SHA1
96ffb877b66f0585568d2607961cc14271f5debf

SHA256
44becc49849b7f4c42c826a3388b7dcc113d7a0bde85313ce38b9dcac32e7278

SHA512
b6a83e777ddb041ce34597fedaa76d8f2904efd41ae885109da7557d96dc8c5135334ad44511603c052960cf58c5527b65050b28dfcc9686acdbad09d7a0c74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
81bd0fe50bfa78ac5be85f52e5e61d4f

SHA1
9746c325ab10f5239cecd5e7800b0901d9035ebc

SHA256
cdd10af0f1f21750b4906e87d4226fe46255a717d528b817ac7f89ac03e7752f

SHA512
81461e2bad3b318a80b473b6d64f8d2e9f59bd99e472b8fd65cdf8b3215b266db67f684bec7dbd52bdb21398fafa95592ff4aede6e57e3abb09a529aef21f7ed

Download Submit