0d8a2773046e33b5022d8febbfe535b56144f9ec530bfd285f1783f826746cdb

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb3acd926a8ae6c006cd1499908b5f8b_JaffaCakes118.html
Size

105KB
MD5

eb3acd926a8ae6c006cd1499908b5f8b
SHA1

465bde8aa5746f1a32ecb10ac638d6899a6a04be
SHA256

0d8a2773046e33b5022d8febbfe535b56144f9ec530bfd285f1783f826746cdb
SHA512

b60eeffee198d796d7fad1c14d27237081f5758dd30bfba59ca23bd233079ce378ff54a68fc253a1c5af05d63d173b140f4633cb18074f229f7b663d75469add
SSDEEP

3072:5U9gk34SPZD3FGcXmNRS+PT+4mmz4BH1uztr:Q53hXmNRFr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
1852	msedge.exe
1852	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2232	1852	msedge.exe	82
PID 1852 wrote to memory of 2232	1852	msedge.exe	82
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 1164	1852	msedge.exe	83
PID 1852 wrote to memory of 4576	1852	msedge.exe	84
PID 1852 wrote to memory of 4576	1852	msedge.exe	84
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85
PID 1852 wrote to memory of 4680	1852	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb3acd926a8ae6c006cd1499908b5f8b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68146f8,0x7ff9c6814708,0x7ff9c6814718
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8287180014807398024,11819094570839008789,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5eaa53f0b4e4dab316e4fbed15a1d7f7

SHA1
29fe899e67612c306d594e5aecaed345c26d1347

SHA256
d8ae509eae7c75f043b69ea6f41e2cff095c58af19dad1fe5088d5156d8026de

SHA512
c9f532132604272074ef9a5200e59d6dcfcbddc89f8e59cab5ec78b900693047195c1b458332f4176d8903821aa493c8e94973bbe9dc3fd98b6ea36487db6069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8261194dd3b303145e3221727092fff8

SHA1
1583acc5c9043f104868baca75e0fb3664e0ee63

SHA256
dff867b9d8304cd5e02f0ff4b1848fea762793996c67a0160f1d1bb72b21391c

SHA512
3eab4f854d5f39d0aea2440c55baed0a1ba513c6dab6bd2cc443b55cec7f844659ac4db85f966befd02456cf601ef27953e4fc5e62af4b6ab7c7503093eb26a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78f90af706a3282913dd7a3cdf65119e

SHA1
8467cca94ba11362fcab25b052861cd746243fb7

SHA256
7c2fcb90fd04644342a83ff81de90575bdf6f563426af5e7298355db029ccf4a

SHA512
9383441d9314d2a0f0ca72feb351af0ce2effb9a5af4cda3c070813a9ab844c4d2a9efad0b9a8032cf2a1cdb32d81c183ec34d9c1c8de4652c9ee691b3a3c5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5088dc67c0d629f99c247eb876d26520

SHA1
c2c4cbbaf6b01bdb97828c4bf4fb72d8f33cba83

SHA256
b3b0d8c0f20c3d14064d92eabb48244b8bc7a06e42b92aa8e10d90efba3aa5be

SHA512
18adf1f145133eb589675b297962a198ffdb5ea1e8cfe1c6d99f328a38f011e2dd5b06318d461cae21966f413b918b5cc98e09c66eb426a9fa234105aede0230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ebf6cf8f4233fb72d07544c67f3871e7

SHA1
55f170d91838a66dad6569dd8c6948638c3f3505

SHA256
115d583fb7ddc03fb068abca237a8970ac324878c7b11b597b3360ee6683b479

SHA512
64a201d3ab1f78bc95b47ac71f538be00ac581f4c29bb55b56c4117be7190dfa6539728ac3fe47da929790a39c732a7429e13689384593a3d9084231f42e8e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
e524863e21e33c64b3dd7abda3a287f3

SHA1
9560e1581820680e2b6cfd598fc3965cff4b9cc5

SHA256
fb0e27c3b07f57f3899de38b89bea09601184ad8b729a48ee19f0fe1b499dfd7

SHA512
9a66a0bd11ee00f66d75da793848bd7d2115f757c100c8ea38b9a49aa1716c88d21aa59cfb04d3cee57d541bf2936731ab2ce6e35021eb1ae01587023a578746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f87.TMP

Filesize
201B

MD5
7ff4970853315d8bec715f00658bf410

SHA1
c1b5f6108dd51dcd99a294641eaafce181ff468c

SHA256
b767311276aa8dd0e3c4eb160cf77503c91a04732b41859b5171b70f90f52383

SHA512
c0ffcbc03fcbb06615dd594424a12e51964ecb777e593b27b114f682960cf0a4be47217fe101b1a5928b19c26cc4a1c23acc5f11f3bd61ec6c85db006e657593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e0a92ec2e21f3140d37f371c85e9c7a

SHA1
174b7fcac04505b225f46627ea30815ddae0a28d

SHA256
c117adc007b0532422be09f23ba760f6547b978e114651860c9ed10235e5b37b

SHA512
67fc8b283d1f60e88f6ee0ef497080e2fc8b066fa0105711f9ec0659dddfd03f611c485cb1a4d536c05007b1c04d16c2c6559dab62794ccbb4e10e28f39d117c

Download Submit