11cf3aa6e7d908df2b0dedd6f2a8ec6e5b010b20e1280835e03946be825cc2ff

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 06:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9ed1afe75b1cefbece72892e30d2662_JaffaCakes118.html
Size

136KB
MD5

f9ed1afe75b1cefbece72892e30d2662
SHA1

5c83544e0e42609cdacf4324f73906ace3d99291
SHA256

11cf3aa6e7d908df2b0dedd6f2a8ec6e5b010b20e1280835e03946be825cc2ff
SHA512

ee8e6b221f5c66f9fa022702a86c51ce340aeb31495c7ce9f0d269c86208eb46c98e593d12fa4fe70182424f69da2e090947a48fc2f6f6a7ab07452e946f2ac9
SSDEEP

1536:C03HH21gQcAOnmYKjaP4BZ0ap7stMX24M6:CiHWuJnmj+P4BZ0ap7stMX24M6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
1272	msedge.exe
1272	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 4488	1272	msedge.exe	82
PID 1272 wrote to memory of 4488	1272	msedge.exe	82
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 3032	1272	msedge.exe	83
PID 1272 wrote to memory of 4444	1272	msedge.exe	84
PID 1272 wrote to memory of 4444	1272	msedge.exe	84
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85
PID 1272 wrote to memory of 3832	1272	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9ed1afe75b1cefbece72892e30d2662_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b5d46f8,0x7ffa8b5d4708,0x7ffa8b5d4718
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17588115365607631027,18022353537243620278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5eeaa77a-d2fc-47fa-9693-6f501a7944d6.tmp

Filesize
1KB

MD5
f098aae2138518d009d8b063ae645c52

SHA1
37f10a3d0c14e52cd7b6abcb3544816007619550

SHA256
c6185bb11b5193d5e72a5e0f7cecb440eab9a4cbfa74c202999024ace92461fc

SHA512
23a24fe617c82033b9ed69476b9d053d8bc88e4c4e939e6896cbd858a235bd9250567dbbb8d6aaaa79ecea7b1f70490083ba6d0f5ff4c524dd2196663ae68e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
283eaef38ecfe3ab31b69e0ebbf82a5d

SHA1
048fadd61eb360eeea1259c2290cd13b2befa452

SHA256
7f99fdf1d26732ef994e396c766ae9b759b3d16c44c05d9838724b399cc0a645

SHA512
9d5398e7aa96c65abe920b8c68115feca1791713cb8766abc75a6df3998f9b098112ea75d212c29b35fd10db251c99e44ddbc7fb59af6c4d815fed886441b8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
49fe05794a44546003a73ce23fef346b

SHA1
e8a1cdbb4051279b4f08aa13956230c9212424f8

SHA256
90934aaf7d4f64baa2d51a858eae13ae37a022e385c58ba7d203a672fbe700e6

SHA512
99dd211d20f18bb3498efa901dc5856685c261375a27bee36d00b82fc4ea55c105a4209796bd8b1d6c358cbe141ffb226d4457f1986401092eb8520ebd81e081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
4a48daead0fa1b216b900ef86046db2c

SHA1
839aea72766b50282631bee6b9a193b84eefb3a7

SHA256
26af200c2c33e917fc5033d0c8481b8957b58aa9ebd730611434964dca4e1689

SHA512
95631f3d854ba2c4baa4d2f204d672f126121b22afa57d0cd26fa05a5324842006741cfc6dd95ed561d2b5a90878221c679ce263a29d34c1939497e2a8aac3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
613e1df73c672359e1a411717efacce8

SHA1
e611fd5e728e962274320473298b28b05f99ec1d

SHA256
bc1da060efa2a314cd1d171617c42d853adefc986435912a8c1fb1e28795e40d

SHA512
fb39539ad874de5c8685b45c86ad62deb0effea8b3289edfedd15ee782d2ecbcac6992ce1817e4041752db3cf1c2c77b20e28703bdcbc1f94df3982b2dc1ef53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f4aeab83ad98958845f811ebe411a07

SHA1
ddb0a71bf383db28ea70469f1812faee58baf993

SHA256
f5d262ba920fe184f93ca054365394dfdb92e751f702ee21496e47ef04378cd8

SHA512
26303768a8697d8e6aea1a12ac52cfed51f33dcf11680871479400ceca43fd87bc075c2e11bc7e79037389fc1cdb5097d685d1e52a9d69238492b976fca1f127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a605bc1527f6544c330d5ef1d903463

SHA1
ea72fdc94cfaa0a52b1d3a765091b96855650258

SHA256
01cd10fb9b6c4e921cdae3740cfb4d2756a65f48217e701e46dcca7cd9a903a3

SHA512
54e90c3d1fc81d669d8aee37b989b624d4401c293df945428885b46b2b08a7be488b6fa5dbe5adf3967cba9072c0bc8a7f2005c6c49f96ae99f7f8d31edffef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6bb3110a85cb1ac45816cee26fb51141

SHA1
22f1738b68c9e3df8843ce648fc00ce43d8a764e

SHA256
059c4c1389a9ade52f8c18511e2741f0b1c0f38e739d194401e64bfee5d008f6

SHA512
40c45bef38ffd39b8191d66d548586b88b9bc9bb3e3371d7215ff2ae34eada82c8561d5e9dda2e361b6c2c304bf7cd0301cc002bef5e15b24f32024f8a2bc504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b3da.TMP

Filesize
203B

MD5
342d95811392d7d71d91c49a197b5b14

SHA1
d7fbae6850f8e75d7125a22bec9a3b1c78c773b5

SHA256
a8dcea2e019e960ce7c95d637291881bd48c5d9393c25af3cab8ac981ce7ee9f

SHA512
2e593528868fe9e989df0fef481031ee52707816b365c4be33053893d136b9c22a77d69a6abbcdb17c69edc9bf9c1a6736d523b07ec9ae4b32477238a79bd320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c993fd5c3df2ca5ab2fbbeb5e50c1e0e

SHA1
3714a8082e63a85b200b39918eaa9966f07360f5

SHA256
488aa177b6bbb6867858e834b8ec13ade3ccd34637506b81808571e7cf2ec281

SHA512
5c466ae9b3b4336a6f4db9369d0e678883c4d173d7b7a905ef5d1029b2f19c4facee21d865f3911ddb09046336ffd8b8dc34d8df4d2bfd99aa695393786a249a

Download Submit