b856797ae243559a5f6170e7fe51eb678d6ce29ef384fd2d80bfaa833b608d4d

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c636fe8eefafd78c48c651a23eec65_JaffaCakes118.html
Size

36KB
MD5

f9c636fe8eefafd78c48c651a23eec65
SHA1

d54d99b578befa18760eb9e3df418616c5abfc87
SHA256

b856797ae243559a5f6170e7fe51eb678d6ce29ef384fd2d80bfaa833b608d4d
SHA512

22ca89908db9b8f7e725fff778d5b917bc3d09b95b50566d0353b4dd783e63f276b5715803a965631e0e238d72d9ed469b332d4795f3d0d42560f49f4cbaf583
SSDEEP

768:q4FQW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34a/i6781DdRA4vEOjq6h8aRlR9:ZFQW81D4RA+vEOjz6raA7IaqC81DdRAW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1148	msedge.exe
1148	msedge.exe
3596	identity_helper.exe
3596	identity_helper.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2612	1148	msedge.exe	82
PID 1148 wrote to memory of 2612	1148	msedge.exe	82
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 956	1148	msedge.exe	83
PID 1148 wrote to memory of 1396	1148	msedge.exe	84
PID 1148 wrote to memory of 1396	1148	msedge.exe	84
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85
PID 1148 wrote to memory of 4980	1148	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9c636fe8eefafd78c48c651a23eec65_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2a9f46f8,0x7ffd2a9f4708,0x7ffd2a9f4718
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15716294742865228708,6243120783516598121,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
572B

MD5
5d2f76522f82f5ea485d6230c32c18d5

SHA1
1f369eb7def5975592fade2edd556b36864febec

SHA256
21056a7b48b248005c3fcfc287a6a6b65a6b043e6d817389135f70f18bdde2d0

SHA512
689254b32d6b5c2632914f31a1962b3aecf7ce6faf9e8ffcc59c2b24e303c6b37344284f7969a160f7ef463befe137be8cda0a115ae4965f15504e1aa315168c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc8faaef1a566a96251a60ae09a93cfd

SHA1
719a9726a638d01a1ffb9e43bed4332fe09b6560

SHA256
d842d791995dc41c065a8c9144556430c1a127f5ba4c4df46cf53be5a2233b42

SHA512
3b88555e51a94df6f20218d19d3d5722260e0d8d8cb7934cb7d5ddcd8102523cfc0eb86e163a8f774c3c79ae1febfa29f53d92d08152848a77e0fb43a8975bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18aea5e30f6d108156663f13d0d31150

SHA1
341ec3cb1590bbad516aa017ba927ed2b72822a2

SHA256
ddd7a7114994b83aab09e031c5745705dba2ef2b06bf5c8646125ea8ed8c879c

SHA512
84b5323c5f1af6d5767699b604ab26e6d887639ac29d4b1178debde79f7d6ca0dda81252e23df3517d3526e46ae4aa5b3d92d45a5162c9827013f342894002e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f512b0b64c68922af61a87fadc8ef8c2

SHA1
166f3cdd7743c10957ea6efffd9574c5a5ee5a20

SHA256
354d2b45f8ee8f23f46ff613084e9e2fff9311a556d6f1ff31acbee753e7e182

SHA512
31efce3ef108cb17129d7cd30b7739fea557a83d069b8123f4170d5c9b39e180271154cae0a57fa4411b8d57236f142b64e4a8e0c12373a95f5b2a53c13f46f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af430e9088ee2c90338025d4e49808e8

SHA1
e78f26b116e38cfa2d3b3e841f9625ac39964149

SHA256
606a7e341132a308a0eebee87bfdd4b94054d325d58efe2f9e6fe11f1011c1c7

SHA512
5aff460e434fa817096603cb67a470683ef9899a20bc137000a5c3485afccb2f3231c193c3f004e749f6234114aeacb91d6bb2f950daaec543b5e24838e6b41e

Download Submit