81b19c6a731043a0741bb9eb5e5c1b5a0a171c2f51c818c6f2abcbe7f63fb450

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9f984ec392803b035992838ba6541a9_JaffaCakes118.html
Size

131KB
MD5

f9f984ec392803b035992838ba6541a9
SHA1

33817127c73b3c28dc84477499127c8bb2b34b85
SHA256

81b19c6a731043a0741bb9eb5e5c1b5a0a171c2f51c818c6f2abcbe7f63fb450
SHA512

baeb8ae9720146c5958ea66827a427d89a180ee59b514c7356fe5d2494645e09fd838559ddc1567584c1009f9a96903bdbca3668b9a3de6a9cf595135b1ebedf
SSDEEP

3072:uCN1AvqWKiWj6OGO4TLJ5FmHjAg5OtL+5qlmSKiQc6sPKdo71pBeD3uUAnH5:h6q4TLJ5FmHjAg5OtL+5qlmSKiQc6sPB

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
2384	msedge.exe
2384	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2892	2384	msedge.exe	82
PID 2384 wrote to memory of 2892	2384	msedge.exe	82
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2076	2384	msedge.exe	83
PID 2384 wrote to memory of 2808	2384	msedge.exe	84
PID 2384 wrote to memory of 2808	2384	msedge.exe	84
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85
PID 2384 wrote to memory of 3636	2384	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9f984ec392803b035992838ba6541a9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd95346f8,0x7ffcd9534708,0x7ffcd9534718
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17178696711752624252,2063269948651472029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
419B

MD5
5e627580cfc6b98236ba8a6bc2e53aef

SHA1
5ca40ee56f82e27b2a7ea3b7f3ba743a7302453a

SHA256
663977e0a834d0b31f053c1d43181526d3bac7730437660171e186e87cdf87ae

SHA512
031866344f42c3419a3bf5afedeb7467297b9799ad7092b8625725e4451f9dba3077d46728e6073b31545e72e5a2c17c706c2202cd18d311da60171a538e7cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
270B

MD5
4da79485f3d27fc7698373081b410182

SHA1
64aecc0af7b9d9b49bb83ddf52124628eb1a8f99

SHA256
a33de89a78754890f1cc143923a765b4349f7a25b8d5cb8328f9e8f0e0607f04

SHA512
32c317c7c3a5dea9531c81eda1834ef2b11085d90d696a9f503357a8c1536ce205163164fbfca9c7dfd825d67d2855f00ff7365c89e7253a70bf579b00e119f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fb01efa79f7f0e5602d622954d95d0b

SHA1
866369469c5cbb2bcc11cbc24a7b7bf1d0028231

SHA256
d6d0a65d5b2e15dd7bf211b2b07395976c215bd82c43f524a34f8e35e620e8a5

SHA512
36ad3f501d2f0d0728389ac541aebc1908d008aca6f603b0ef3ae93773123a99663913445c466ab1963077d63bcc987838fa2dca27aaa5981b0d0cc688c314db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bab04c784bf6b910f9260bc75634eba

SHA1
0b747a210f00acfa3d15ca3e2dd6d25660a11fa7

SHA256
48eef4a133a72c7338b079abed71ebd62a1f769b839f2aac8f3864657edb7173

SHA512
869c3d48cee969e98d37c9de72dbdd9a8848ec368aeb8e76fe63b8ac2d80328da6f6b102007f33e99fad1e24ff419e0c38bf0f112f76b7688bbdda5c5d3dded0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
0e3f2a6e64b7c6a31480d332378755c6

SHA1
10cfe74aa1cbfd4921a066bdf2f1f65e04fa2283

SHA256
f96b0de34ad84cc8f1b7974246eb4cee034e0278bf064a6879e3bdefc9a53768

SHA512
82fa6bf21bcb7791e92659a8986735c69ad455ca76b2a5441a192820e9442dab6aa9ca3c2b667bef30685f4c66767204c8d25f6b39f5a6dc4780d1539b6de588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e932.TMP

Filesize
372B

MD5
a1cfd939fd7ca218387164559b657a62

SHA1
3536316856db95e4267f24534e7f58c141800c99

SHA256
22eb513d4737baf10ccb0bce42cefb4c829b1413516f5e2f60a55638e39d9880

SHA512
49a178f79e38a22622207bad51691aa10d6db5d1022526c202ee32d90e3909edb3de1e663c3b322213e1c767693fd28dd4a10d7d08a39a7fcede2c96c6506147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14c677ec1dd6d59cbf878374dd2c2a70

SHA1
69f7f4b021654713c90539b5b4dcec315241f47e

SHA256
dcc3c8f0bca45a9c7a51db78cdc3b6c15f890cc3b2d4bfe2c2ca762010d9fd20

SHA512
47a367bb875803081885076128d0296f8b126ac2ec258d36660fe1368a212ea11e3a4a8d357830e9612239604ef1b20503825af686ab8dd2b71e49d29b37a514

Download Submit