d82e25badfc3be24d83d2a5ce4102c1bd439321078aa6e21e02e303ae5e61696

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac95742f5c5340951d72852b9f8be1e_JaffaCakes118.html
Size

178KB
MD5

eac95742f5c5340951d72852b9f8be1e
SHA1

e78d7a911360583f0ece37a221b67fde3b85daf1
SHA256

d82e25badfc3be24d83d2a5ce4102c1bd439321078aa6e21e02e303ae5e61696
SHA512

fd6a87f0e9212b18f1c83be96df66fdc1097fc3e287906f5eb28e28860cee2650c220c6ec977e2a15ea4d91215165272a3dca23795c4fdbd5ad673fd31b9c699
SSDEEP

3072:THBcE08RfobpHBBz/jf4aRceYLKwalTSEwke+rvJLqW1FsWUOTjFElw7aVb8QFs7:THB908FobpHBZjf4aRceYLKwalmEwkeI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
4196	msedge.exe
4196	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 3828	4196	msedge.exe	82
PID 4196 wrote to memory of 3828	4196	msedge.exe	82
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3236	4196	msedge.exe	83
PID 4196 wrote to memory of 3880	4196	msedge.exe	84
PID 4196 wrote to memory of 3880	4196	msedge.exe	84
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85
PID 4196 wrote to memory of 748	4196	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac95742f5c5340951d72852b9f8be1e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61a646f8,0x7ffb61a64708,0x7ffb61a64718
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,16105107176630227721,12044095398225203852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
74014b816ccebfad7b6bb802df0fba57

SHA1
1ca60bbf604cbbf2918bb90ce252354c7db22c32

SHA256
a589a89f0e1b58da72c3c73ef1a1caaa3da9f98716d57d7b86be67041d58d9f6

SHA512
dac29d9c3c85339d96df2240ef03071f57c49f9d1ece785a86bc84403a400d47b47f6c7230cc549f13445b3b0fd9627274e74c2f65b4f491df86adbd6b65035c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
96687c75f1747f494729eed77a62659b

SHA1
acb5c7eba33cd1bcf4c05b4b0637e1e9c4ba5f40

SHA256
b2a1406c6d2833a1c9906157bf1b6165df9b1138f0328abbc4beffb01776ec0d

SHA512
b423ac89a3fd5448164b58b8bed2b295de0331f5579de55cf9ad236d43531e6669971232f90866364ec7c08ee4d4a77941bde0d318e801a99f021c7196373358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a7b4c27a379baa4702938d41dd3cca85

SHA1
8c016b820c4d11c55afa8bf740ce20d6985bfb7a

SHA256
4514a3a1c221e230d4382d5c5370cb639f244faab57fa747d5eb318879f5d9a7

SHA512
0732c4ae8f39137fac76397f313cf40ec00c0c56053becc3dcf56e9369b27b28d735293b01c9398efba3e5656b4f75af1cf2844cfcea7c50737d65daa7e28d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a421213f4261e671d9945e6060ae9672

SHA1
d7d36fab2b8c1af3af9761bc262187dfa160919d

SHA256
88ed7174b68dafde0a768be8704823beafdeaa86ff77f1df61c5d44e0f3cbea2

SHA512
13e6713ac12c1b1a21fd9b43b569abb5f82118129f027f4e6c343c2764dbd1d2e2deb294d30b3b838cbde6d29ed8827ad19ae714cdd0e21f43b3c040d8c82e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4355f14-eca7-4b03-a8f4-c0c80af05d16.tmp

Filesize
7KB

MD5
4b5d58b3dfbfefede44d8ad749d5b4fe

SHA1
495fd43e26381172376df832e75ee913144a5be8

SHA256
1f8dd8c439195baaf84ec9c2b1cd74ffdf130c9b180c0d0ba4c7974537f27cf5

SHA512
004b35457bcd3d8e49fb0c1a3a96e138aab636443e31d457ae6d9ae30419b8b740a758d16457b60aae78910e20c7ecc8a75d4abf67653c4c7a01f9e13441d608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c773a61d71ee657e7b85bff0ca5b984f

SHA1
a9af2287f3f2861b68768fdece90b22f60fe7727

SHA256
25c4d6e7828944851d9a80ce5948cbf3e41fed258741815f1077b1a103a3c298

SHA512
3cbb5163f9cf4a117f8916fe8bf77943a4439db79d513a135644ef76392456088a2d27e2e32066a01f45c80aecc38de126f377bbe29761401c5e0fffe7056aeb

Download Submit