a2c4b4c85e4acbe538ccda675a207820903c9f88126d40069adb92d48600c04f

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5fcfbe44ac773fd2cf1c92353b92f9c_JaffaCakes118.html
Size

15KB
MD5

f5fcfbe44ac773fd2cf1c92353b92f9c
SHA1

243cdc1f4b7610572ead101fe1fd772e2a2030da
SHA256

a2c4b4c85e4acbe538ccda675a207820903c9f88126d40069adb92d48600c04f
SHA512

574a8084cfed4a685573f8b973d2cfcaf1a278ddaa28997e86f7a61227c37c0bc89afb1f51e11c444ec027141be951294fc9d6d62c6f5d357515bc3beb1f3b7d
SSDEEP

384:km/peY0SedUmHIlswpk4CKIgdW7TighHN:km/peY0SKUmH5wpVCKkhHN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
3680	msedge.exe
3680	msedge.exe
2364	identity_helper.exe
2364	identity_helper.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3680 wrote to memory of 2656	3680	msedge.exe	82
PID 3680 wrote to memory of 2656	3680	msedge.exe	82
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 3280	3680	msedge.exe	83
PID 3680 wrote to memory of 1776	3680	msedge.exe	84
PID 3680 wrote to memory of 1776	3680	msedge.exe	84
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85
PID 3680 wrote to memory of 3928	3680	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5fcfbe44ac773fd2cf1c92353b92f9c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,10266850691424210385,8563727316191241545,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f4855cfc50f96d5d6c87feeb3dd2491

SHA1
e9c78aabd306894a082a97425f13ce4953d9fdaf

SHA256
8ce9b66f78535abec8f5e6c183365dd2d7cb610a5f625a81bce9d7518a402f3e

SHA512
65837e11911afb5e39737143b983bced66d905d77f2888c941ed30461913d6950adaee96b8169bb8dd71c34023701747c7737f889e7ee547706c1427f7fe8b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1f485088d7c53a80ca94582caa74662

SHA1
41f62e4e5902f18d2815d6abbecb795d899e1f14

SHA256
dd228317cb1f302aa2089a6c4ad4cc6660bd5aba6cbc1f0e700bebf0e322d325

SHA512
35fe18624aea477913a11a3a827c239b7cfb46217aa4ad29693a4446dba8bed51ea9b61f828c3d1fc88162b72b167832624584ade03cc33354a7e59ccbd00dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
141268352603722a60f7177244453fc3

SHA1
9762a5ab2cfdb9ef83ea3bdff72d81e4fb398c21

SHA256
9a1c34c24a318d5e49edbee2b727b7e77201ee211ea54ac0367f2e202c3f351d

SHA512
3fc9726943becb32b189384faf1b0f4ad2f284bac0b9f2d49748a11389cf763a2998fa96993cf7154a94bdcfee4075f2dbc2393bbfc16f12e7f3ac28d2d75f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56234b04c49fce289f4bc9483e1d3e2b

SHA1
bfc50999d3bb160f528d7c653b846e27ce674410

SHA256
3f69d925fb653e7eb1915b53c9f0eadf884e164f175aac02f9f395527dbce0ed

SHA512
a93abd3ecd1863365cf7141560c835992a8ae89b9622e54851a8f6fb2c8bc31b7bfc28f6d707ad653716e6c9f5aac9bf09b65f6404cbd05882e1d6972b06745f

Download Submit