a434227a3bd780418595c2708ca9a05c059e0628f1ed769da57f337b51c792dd

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5431e1e70f266351897d1114e2d5e41_JaffaCakes118.html
Size

40KB
MD5

f5431e1e70f266351897d1114e2d5e41
SHA1

f5547c5baeab0571110d824d2a412a8743dfedb5
SHA256

a434227a3bd780418595c2708ca9a05c059e0628f1ed769da57f337b51c792dd
SHA512

3b8b4d204a619ac8b9a59687a2c52fad867b23fac906182b34107f09fb95f82623e4d133b856681f8df2a2ac07d414a1bdee36562f6e8397fd75d3f5d75e1177
SSDEEP

768:NF8xdHH6PVTKpr3XK53NinlDCv5C+cQguMhhPVjn1C460dA2XoFu4Vp6:NF83HoWprnK53NinlDCv5C+cQZMbzda8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1172	msedge.exe
1172	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 5048	1172	msedge.exe	82
PID 1172 wrote to memory of 5048	1172	msedge.exe	82
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 5100	1172	msedge.exe	83
PID 1172 wrote to memory of 1460	1172	msedge.exe	84
PID 1172 wrote to memory of 1460	1172	msedge.exe	84
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85
PID 1172 wrote to memory of 5064	1172	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5431e1e70f266351897d1114e2d5e41_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc8c046f8,0x7ffdc8c04708,0x7ffdc8c04718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1917987973528986760,16554584658537675310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
19b48208eb9ed87ed2d550afa66cbb46

SHA1
9e6fab4b851f2335aaacbc77fcd1bfad93571ab7

SHA256
f97d62f7a40809d21e0fdbd3f9c343b467b6271a479111714c72addb8016ba1e

SHA512
bcdac9c4e5180e6ef341612a0685e261701cca34ca81caced2deb927f5d899abd7189773bfeb4498181981e28fa761d5ce875e520e45e0fa27fd350b3bc628f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
54333b5a0c83bae99653b0091221ca98

SHA1
f9939be036b4a27be8f914ff719747a96db1c903

SHA256
3591a3d002b06a08dec5717d5cca369233df13ef98474ffd90315eb5085db5d2

SHA512
1b1d7228064f21c4e4e77a07e47b157784e5dcd9a6853288740f23302f51d56a7629d034c534a722dca6f894288e1e8875d0297b5febc9d61d7105810a5c0d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64c48d881e05a988079faa8427e4545c

SHA1
1b6238cce7a49a388a22821d509a6c0472cd493c

SHA256
ebe126f3ecf423df0984061e3fe95b0d7448ef76fd9b8910a118cc85edde0fbf

SHA512
8e11664b0c0123225a2f48c65373708f0ec295a6bc7c2e433c097f4b8f7f1b4ab3a9203ac2e4524e23eac09b15d066d480ff987d9823b3ffa4e153f5754cae94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2ff54b69675b2be112a0886c2958328

SHA1
1208ef8475216370b55a891d5a07d3fa65b37f5c

SHA256
fa506d707e9b72a5934ac9628b6b42064be133057f36fc226e2369a6bb86ea9b

SHA512
bdf24c8e3a86ebae3646f7aed0d15c350cdd023288e65c4b79a1babeb58ede20fe9812701452eb77d29d66930e77363935c60c5924a660c6114b2dc73493cc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5550171cdcdf0015e8f5f9a6a531274f

SHA1
5b4aa7ac16f1bb87f7eb7533afa3a916c6acdc02

SHA256
6f263de8c12131ad341967440a2db04bff5ef7fe7c7db6dba67ed88721f4beab

SHA512
681c69cd49ad284ee6a38449d7973fee2171f027305cdb0ba15035f338a5a462df97e34a223f2b8476fe1c91d302ae1367ae1e9b97f84e8ccd5866e053faa874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f32234f44aa4413ef418565747ac0c6

SHA1
1b22e378042f558df90932ac672a9c6e29631d4a

SHA256
e5ce50f2093b38919b74956135b584c6ab4be3f328ca09d123cc200833d6acd4

SHA512
c102b310d5a30b35d914ff3b893362b8ce07ad9574ad24154e206964dba4fe5b202d7f2bff662d5348a9c398e948541d886308a35993afe3ac3cbd48859d530b

Download Submit