a6749c4f0fa00bf1d898dfd21fd208e6e11c0250531b13ecc130de7513f5834f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
Size

149KB
MD5

e229ff62afa93ddabd2a48c9165b2af6
SHA1

e13404376d438aa2a7b4082e8e5413af27eb365c
SHA256

a6749c4f0fa00bf1d898dfd21fd208e6e11c0250531b13ecc130de7513f5834f
SHA512

41c13dfc314e527e94d8426d6bd9a0ac5a20f362c0309c54c3528aced62e7935ee9eaf68d5e2ca32a733ba6e0ec3ec9a6717e8af485e9e8be04607c7eb7d0831
SSDEEP

3072:vixufjKqmyfkMY+BES09JXAnyrZalI+YQ:LjRsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
4020	msedge.exe
4020	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 4948	4020	msedge.exe	83
PID 4020 wrote to memory of 4948	4020	msedge.exe	83
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 2096	4020	msedge.exe	84
PID 4020 wrote to memory of 636	4020	msedge.exe	85
PID 4020 wrote to memory of 636	4020	msedge.exe	85
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86
PID 4020 wrote to memory of 2772	4020	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e229ff62afa93ddabd2a48c9165b2af6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcc5046f8,0x7ffdcc504708,0x7ffdcc504718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2022068464693800022,8670299879112751884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5dc5e4abf00b9495a0656f11f921b2e7

SHA1
7a39506ccb1ac3eff9996859aa1d542ceb8314d0

SHA256
bbbb1cc5be36ab48ba94aea499d5a37a507f17aa9314921a4094dd714fd4a79c

SHA512
9c903874a99da0c369d3651bd61cf62c57e0c938702f1d4c02cf14345bc4922922ff0cc4f418075abc7cbd22bdbeb05905626e77d585ebc52a2b1c70cbcefda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
407B

MD5
9f15ed70ae92a893d8be49c86a8ca1b6

SHA1
b5e65867128277b4e833c169d1c36fb7c17a9abb

SHA256
a5a15149392bf2087e3098ac56a901f7093d0831dec42a785392b0a4d257b0d5

SHA512
7f51b84b3d166cb984b865295920f963a851bf05bed8ed650000a2296ba2c0750c5d41b3199138f0f2c3cf6bb21a5ce16fb50061e902ec6c488b479add4dd8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70834ebe88bde26373f512c962fd3b1a

SHA1
b486b080ce45473cff2a8ece5fad2f797a66432f

SHA256
986a35b89b443266011b269402037c7e559dc9ae6052fecc822156938e2a1487

SHA512
73737d47e4559baef767bc223c83f052411340555bd8cdfdfa68391795ecc487e98efc75ca06b285777fd5ae6df4795a890b4e289b0921a4736b575c7c834b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c80c68177255a73937a5c61b2a9e22e

SHA1
d1d1c56e23501e64c2622ff1671a7ae31452ea5b

SHA256
8447a9f0bc87b39e9a013536f4907777d3b65aaa388be2e009d84a1b0fa353cf

SHA512
fbd3843c4311e73fb21e2e0fdd8055af43368500103caecac719acb3f5900dad42eed7f152cdb47518979ec0cc3636c53228ba6833fbc80d76218f028aac541e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d77188f0bc3e540ab8eea2c259ebd847

SHA1
281cd25a0f6a4a09861fbdb15275bde97243c3b0

SHA256
b5d0e1435102045b28388be927271214e7b6d16336769a1a785da3ad1fb6d04f

SHA512
bbd9484f5723015a22ed7b3c662b6f361c217797811c2bc4ca550c2225ed2b625b5d5cf68a05230a92187876b6d6d934433830768d23aa8fd9f7bf01e6e99b55

Download Submit