bfd30f6c90151a2dc6b7f5b3a9032f2a2656475e61b82bf40e0f25a5795d34f6

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac1fb3c4b73439c71f63c036dc16b96_JaffaCakes118.html
Size

180KB
MD5

eac1fb3c4b73439c71f63c036dc16b96
SHA1

affac444db7b7db1b9bc62275dfe8dd71ff7bc6d
SHA256

bfd30f6c90151a2dc6b7f5b3a9032f2a2656475e61b82bf40e0f25a5795d34f6
SHA512

1931f884ed1c52d4c4b866b5baa63464abc0e9bbfdd2cd0ee29869a8ffdb4f912c74e8145365f3069217012349cede8e67e8c5bf5550d3fdb0a4505f70f7bc4d
SSDEEP

3072:LHTYLhmWLLLUflSK90Y1IS+XZjZGadpakzkyj:LHTJxlSy0s+x

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4092	msedge.exe
4092	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4492	4092	msedge.exe	82
PID 4092 wrote to memory of 4492	4092	msedge.exe	82
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 2748	4092	msedge.exe	83
PID 4092 wrote to memory of 4844	4092	msedge.exe	84
PID 4092 wrote to memory of 4844	4092	msedge.exe	84
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85
PID 4092 wrote to memory of 2156	4092	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac1fb3c4b73439c71f63c036dc16b96_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfd4046f8,0x7ffbfd404708,0x7ffbfd404718
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4562165713214512189,7575042769694466694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9c30d8a4866de0f9749875c7e1107d89

SHA1
b6718cbc742cc31c05f10d2a36d86763f277909d

SHA256
1fa8236d6d57f8ac52ae75abb16fb2c3c14db4f2e3a395c4c422f085cfbbabf9

SHA512
b4cee0673a6ec90f0ebb25e75ffffd4f67b974ee389db16050f952e07d8db07112eb07a77c83accfdca667b06901b1c5f7cac64ecaec5e0f36bc8cb44c09fdf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
850B

MD5
a71c16d4c5f3af9c298ce04b95397cc6

SHA1
8c9e1c9f6608f02bc78f09c5cc97522253720d7d

SHA256
2019ef08f22b265d94787335eebd2ab23b6af4bb59977ee204f697acc057b0a9

SHA512
baeefc037b556b5163207224b45e8d58ed8cd814730ae252142bd2c1d85af9a04f8cb7bdf88664590db8e7e03a2881115cabecd03af388b01903cc426e48c77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92097cd47fcfac47ed78feda91167bcc

SHA1
35cf8230cec81828de490a4df52ad16e6d95e53b

SHA256
14582c7efeb2a27662c526f8270e0a7ab8f11d72aac263d8c1f90672e22a85dc

SHA512
c6d22030e81cd23d45a3e777bd9722894e0210745776d75d34c81c28aca035c1ac848a4c0087cdcb27cfc0d275425bd0ccbce6c495475660c3fdc1d376980324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac323c9f1af43aebae43af6f2d0d9c8a

SHA1
ec2d3c89fe964b25fab9de079e1d43f66d82c23a

SHA256
c44256c721c6c728ab172d52d0f65a345dde57e06e34615a4fc2b4515ecb8026

SHA512
af5a3e663a72f97e0c3b24de2ac78bbbbf9b5ec94f9bbefe7611997e988dd2d7eb9e6357efbfc39725574e631a731d16715f59e3a44adaddec650108727f103c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cef89369b1c4e000eca215d018edf01e

SHA1
4ae2aa70018275ba689f707f050c9eac6348f995

SHA256
d1661f15481ab8d4bbe7d693dcc14b498f9b58d6a6ffc88725d5177c6f7866ed

SHA512
d69bdc0dfe61cf8f3d836c64747790c11bcbae4a5e407d6ccc929103e9a8f16bee6343fe099f3b7d3be9a5a6532fea8d6bac229e25815b8d438ae54293d7750c

Download Submit