b773aebca8f1869de867c8c866b5963297f05d935715f926e0f90662a3a9a32b

Analysis

max time kernel
144s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaaec099fada811715a48673c26a5dd4_JaffaCakes118.html
Size

131KB
MD5

eaaec099fada811715a48673c26a5dd4
SHA1

5a91f5a220813565b8b8ce65fc10576314bc38e1
SHA256

b773aebca8f1869de867c8c866b5963297f05d935715f926e0f90662a3a9a32b
SHA512

d24c19fceba005079139552df562143a8ec51c046594d12b43e9b1f81bf6b367d62513cf042f309c413b75bd5fd9c374c51687758679a0bcbba8f1ffa8bf092d
SSDEEP

1536:LWVeYhhwjDcjm4B4q9aiX7OBUyZIUYtw+54jiIB4PP:43ws49J1H+50iIBIP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2040	msedge.exe
2040	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 4236	2040	msedge.exe	82
PID 2040 wrote to memory of 4236	2040	msedge.exe	82
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 4824	2040	msedge.exe	83
PID 2040 wrote to memory of 2776	2040	msedge.exe	84
PID 2040 wrote to memory of 2776	2040	msedge.exe	84
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85
PID 2040 wrote to memory of 4772	2040	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaaec099fada811715a48673c26a5dd4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff220d46f8,0x7fff220d4708,0x7fff220d4718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2888673790777656867,3058187861859141267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ff3c211838be3d43b323ae300784a49e

SHA1
4e834284e62f23a512e1b48764deeb12dc1a5930

SHA256
e464812f0077ca27b5f5614f8737f5fd68e3a365cef67f4a46f36b3f3876a71e

SHA512
7434c0213fa154f769302e1b4ae222a6ca8dde3a274672d989df33a9b01f93550e81eea6d34734ebe49aac12e38704199cfdd611603a5f72f22ce07372254ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d0d1760d850106dc0f85e05c48c63816

SHA1
8625051a4907c8c370560cd6f951f38f0d29d4b5

SHA256
264c982ec20d9f8ab1437f91d5b06c9921edf4134af2c1acdae1e38b2f725e1c

SHA512
0771d54578d597c4c59698683e222721ee45ac86f1e07e1993a2f991f3b7ce69c49b3536c85d450407740c071a1323809a61e29423a9417110acae6c181d1d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b68bbc6aa21cf86b947f6d61811ceca

SHA1
73280bd839d1d55fda089878e76076abeabac86c

SHA256
2c7f9b1003462b3e67bd83caa54a03376cd88f7407f1ccb15d2e67bd209b3795

SHA512
0e2671046fc019c3e24de57bbd6fc5a34a4740f8fdde672060f148ee3b1587d80f56c2b765655e88343096b31ce17dcf66c5ee2f63edc10fa224493e41b56ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e4a3d8d29d369bd1c1ab939a8839787

SHA1
40c42304dbd30ced9d71fb5a4c8de98346e8ec49

SHA256
b190201e2da114c7aeba817130a05e7ca3f669cfa1299668d037aed514050112

SHA512
7339fe91028224a7aea4beb58fab52852e0ed70bd0f500ebc7ea19f943160dcaff1236ea74d6a2fe3b3b5fa0670fb939672bbdef0727c8a1ad7a319bed437eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6426d62e8750c03ddd92629bcd66a9d2

SHA1
bebdf7f7648e686fc0656f838e8b82b2918a7c55

SHA256
09737a9b94a9f3b52fc9dd18730284db0917e974a6fd63b72dc415af599b7364

SHA512
c2ab0b7dfe1b8e6203d1b0338197ed4b9c81797a7f38fa218656dfb8b92df27033e43f52e36f111fc9422b230137609e4a069b8edd9d2ac7e4247ea4a6c42ead

Download Submit