0627c1425e308a3e1acb350c1861fb3ade0190354c08da028681fdef1750b9e6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e06d0b4fa84e4a3213b105475d365edf_JaffaCakes118.html
Size

232KB
MD5

e06d0b4fa84e4a3213b105475d365edf
SHA1

4e730d4cb4ed51c57d879349a9baca403bc9f135
SHA256

0627c1425e308a3e1acb350c1861fb3ade0190354c08da028681fdef1750b9e6
SHA512

872868d7dfe89633e269ccbfe1c6ae13f7b2181a8bc46ced1bd0a19a6ed8385261bf11e517f305c96fb9aad53f28503755d5e8482878e6de9e26236d0b7f5a03
SSDEEP

3072:SwSHuMPeg4VyVS2yK6OANyCDneLknz/C4r5vIU:SwSHuseg4VyVS1K6VwCDneQz/C4ZIU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2828	msedge.exe
2828	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2508	2828	msedge.exe	84
PID 2828 wrote to memory of 2508	2828	msedge.exe	84
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2104	2828	msedge.exe	85
PID 2828 wrote to memory of 2700	2828	msedge.exe	86
PID 2828 wrote to memory of 2700	2828	msedge.exe	86
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87
PID 2828 wrote to memory of 2652	2828	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e06d0b4fa84e4a3213b105475d365edf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1091370375731899749,7638974688675768087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
6bfaf3233a1897743f5650821c6ca2a8

SHA1
472ed1700775532fd5c03eb8a64a8cfdadea3dd3

SHA256
6dc29d1820d46322fd5c1d430820ee0aec7dcce3171698ec7443215df13fcfe0

SHA512
9627bb1d75ec8b5fcbf4c31f8df3ad27c5d23a9597c3d7f44be5ec8809ff495e67ce4171a689000e075bbac61fdeff4596633f4ecac17525feb40965cebfd0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
174B

MD5
06d996640fa6247644a93c5b4b5aef7e

SHA1
22194238a7c41c0a4070f2dc82ec609de5cfecbb

SHA256
519d5f135f432993867b4bc4eb75ac4717c23c07af142d8ec938ffa94704593f

SHA512
416dd0dead3fe034c8887f26ee2e1085487190e6922c6879acea3892bc71f369cfa88e93896a6f1d10de7aaf4e8ec6c444130df7f11283e017025a9f74b55813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efc8c50a4cb13b2c1c2b3c2195835ce0

SHA1
a102441b0674422f04d8fa94561db6233ed4e1d9

SHA256
7fb4c2900d56cb450ea8e925fa30f54eeaa8512863df676a4c895015929c157f

SHA512
d25c8e661d1d6be698ac8d8a846928358fae9e7fd9adc0f26327a1b1f249803ebd47ff6973c9db653e9192a11418baa846e18fffb2e32f08e5de246d88ea669b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61b2e5f06b6f497457468f0b4b1c762f

SHA1
ba21e278cde0365a101863007a62bb40ed45db3e

SHA256
a61642ede1e185f33896022ec11082674b94fc28ff35eebf22a435fe2ffe741f

SHA512
a8e5651f62113db3fbbd1086a4786d3d172a76705f02c1e348a3a07d83238d5edd7cbac239f6e006e3a3807107b24e9a6a27bd655b2b16fba45e570a34ac9417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2023cc853652b1c601f9aaf7b2321fe8

SHA1
db4e87ddfecf7b04691f0857ff5598b7bca63e32

SHA256
720dbc8195effb5a5fe940bcec54dd00d7d1746d14efa72474012a07034a7c63

SHA512
8d4d24c47122ef36f71e641cf5c01d54b9701128eec38bb328299548eabdea679feb0cac1354d35488c3513825a96a815e6f508407ef77b7e49e0e0da67b8df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cce2500deb214599747552b97fa752fd

SHA1
8152c546d06ae6e56fe7cef0696c23ee42a67097

SHA256
aa2783cc66a273dc08c02ee613b2d452a609ea6a02b21f0cbb73015d6db6b754

SHA512
2cfa3da30b946170b834447e5bd2741f922a4cacd7973e9e1011c0a9137fe338bec3fa7951f5cf702b9ad3643e4a633ac86da9f89529139c9bd1f6008cecabcc

Download Submit