abd329ed1a5994a4dc00dd82111310d981ac0737c82f4d69a0fb5945ac07c35d

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0977f5567058ffafae85a8643942346_JaffaCakes118.html
Size

77KB
MD5

e0977f5567058ffafae85a8643942346
SHA1

54678415b23807f7f3c124cbd4122e94859a7a4d
SHA256

abd329ed1a5994a4dc00dd82111310d981ac0737c82f4d69a0fb5945ac07c35d
SHA512

48288b34dacede1ac4735ed3a182f55f3c26b9380ebec290194de9478dab5d0d5b235dfec6120e55cf417ed1f53f8868db5d79a36f5e8c837761d0cc0eb543c2
SSDEEP

1536:nfPM+rampg180IJVLQz0w+YCHn0n+pRMW8ZRFUMy9tMyLfobHdlEwD0aiZHaSc6Q:nxrampg180IrJ0n+pRMW8ZbUMy9tMyLk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
2080	msedge.exe
2080	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2980	2080	msedge.exe	85
PID 2080 wrote to memory of 2980	2080	msedge.exe	85
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 5052	2080	msedge.exe	86
PID 2080 wrote to memory of 2320	2080	msedge.exe	87
PID 2080 wrote to memory of 2320	2080	msedge.exe	87
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88
PID 2080 wrote to memory of 1704	2080	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0977f5567058ffafae85a8643942346_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbc5046f8,0x7fffbc504708,0x7fffbc504718
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9797855168772907835,6025618939407012655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ba09d487c78707467eb06120031075e8

SHA1
20ecdc8a8871a7838b000271c1ab33de684c10f6

SHA256
e3c585d8c1ffc44b872de7046b1e87841f399e59429ee40c79f87ef9edd94a6d

SHA512
8dd2c7b8c26da26e8728b925190dc2f66a305e43423882836a30991022169f73a79166b5db8fe5812ea3e83bc1c8862035ac746beecda14f63933d6e7d0d5c39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7bff88347649ba81cc821c8f37fa383c

SHA1
7c26632cfe75c99c0d7f903e815ecb9973295a5b

SHA256
e9ec8832a425ed9fc72c20d5b3c702e30f109672bbaf7c63e921ee0200c634f2

SHA512
babbc69fbdf3a6403f19e28f6b1afbf5881ea80aa126f8c44ce4b5fe483bbe6b463d80a45e3b2355558ce6916a39ba7415f334e9d569ccbf3f76cd5d876ca463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b291e05141d6a5622dcc7e0142c861f5

SHA1
31dbf3636011e418298f3eb36f489b0673b9e3e4

SHA256
ec36e8508dada702c14351ed536cdcf65ce4688e65e64dfaae04ce856a00bb30

SHA512
a5e5cd0c0df19f0ae96ec7fe5bddacb2a64196ef84d8582cb94fa284c3be40167f1bc5961b26c3f1f338d160612f15fe7ac5adfd3e8d92a0d28eb59cda85184b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e4c5cc9cf808fe2d1727e8d651f551a

SHA1
d2f0cc4b4cd00bd4ce43919faf299f5564f4d9a8

SHA256
982e8a0c9eff32e50d3f6b0d75d4440e9582583e59c4b18cdfe1bf2ed2cadf4b

SHA512
3bc008fb06ba4305bc1f7cbcfed22ae1b028578f47fbd18ec34baa143bcb9a3057b71cd37fce66d2593a36a75ad72c04346bc0e6a1610537eedb30f25d437bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
682440894215dfd9f23d53d3b2d2cd65

SHA1
d69ea42f6a55cb17010ac9f992a01a33d4e24355

SHA256
4d1818d27c03a482437c2fe62ca8c5e6a3b1330ea9690168ed1dfdbb94098d16

SHA512
992bab04369d4d582740e7b991e8ca130027918bb941c923cbfae73fb3d3f33aefc2cdd4f4f5c9aea8df92e257cc2c6b40a82f657bd99150ed99753c7963a013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
050e768c8efe85c5e2fb7cc86e20db60

SHA1
7c50f492094a0641982b984451280bcf8a81d94e

SHA256
1a9f7f0f1dbe4d62f25f1d38018fd199748292c8ada024c15d87a68d21617ef1

SHA512
c14ab5dcd8f20cdf397a7854c59ff672fcfa246b3def2a7f31637976629c4274acf3355b310f8c140f8281cd24ef2ecff3473c174946deb86048159740134e8c

Download Submit