1e00eb6c24adb79df36e0c3ff1469207a0c19ae179a9b6accbb8660b09568a05

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebd6b2d8b004e66e00da3425912d7455_JaffaCakes118.html
Size

18KB
MD5

ebd6b2d8b004e66e00da3425912d7455
SHA1

6404be701435d25433ec177360020aada07739a4
SHA256

1e00eb6c24adb79df36e0c3ff1469207a0c19ae179a9b6accbb8660b09568a05
SHA512

5fcb07f5da5816465517659028781558c0e2aff1ae2d7369573f012ffd9d04b65de9696aa3ca5430c05c0930a7963d0104153d45e9c69e2ef130e22815723b32
SSDEEP

384:smlIc/tu483THm19bwgN6Z8V//gb5LOXguLZ:Sz8V3glExLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
4484	msedge.exe
4484	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 3528	4484	msedge.exe	82
PID 4484 wrote to memory of 3528	4484	msedge.exe	82
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3788	4484	msedge.exe	83
PID 4484 wrote to memory of 3692	4484	msedge.exe	84
PID 4484 wrote to memory of 3692	4484	msedge.exe	84
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85
PID 4484 wrote to memory of 976	4484	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ebd6b2d8b004e66e00da3425912d7455_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff83db846f8,0x7ff83db84708,0x7ff83db84718
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9303599759958169412,9735716330730152933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3fa3d371ed1d4204710ff289106a0ff3

SHA1
bb45d046165be483a3c8e652e4cda5a794e8fd67

SHA256
4a4fc7aa68cc77afa23181f9c1f16cb5286be0cd96b9a6f5edd6d3193cfbf334

SHA512
729b992f1632b699a7ef53fc8f8b1b581e1159daf5d6303f4f15bdef7408c0eb5121d99591ebeeb9df023bb322f049583243fcd588aaab9e2da51254e4d8fe12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ecbd79c3c5dde6711596569a8b83a69a

SHA1
526f17c67ec3c827d6dcefc087ae06100c948940

SHA256
c9d05464fa06399139c2ee9d5f697b3af1e8ba867555e76d7766c644525ea592

SHA512
afda679f3925096579f95077aff290e0ecfb5f92c83c8a4184311f73d2a44e6b508c00c88de5f167c3fa80cd52215f1a8bc19a0374c5ee4900c4364a38325bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
862f668dc36a98f3b02d222b89bd445f

SHA1
ab484e02b7b67688b06709c03402274359930f24

SHA256
ad86cadeebf71263b9ec49adf179196ea436804108113bbac028ea9e2c0d6d5c

SHA512
e46c2ce6ae434fb8616a58ad0fbea240c233f0f09d7a8552821064047d22170e214bed2fb6a70def630137f60aca6a4b45f648a3499a786a81d26a488a410040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2023ef3e612eeb039cf9caf1640619c7

SHA1
844d69aba09296a042fb065e8767a944f6947022

SHA256
7c8c9b4c4959dd4593828be291b552a93534df2c8f470d8a16edb4170747cfaa

SHA512
6a3ca7bc9cd2ddca9eb7a946e5490f66a7c7b0324a21f2162fbdd2af680041543746b5b239c30fdaae93279fe04717be2c0a196a891318588b2878ef3ea0c431

Download Submit