30ce00db2636cda24ae46d8f0c9dd398d44b4cf572322c2d28d10e154a259340

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 12:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fa6470f222c93f87f6183d5260888db7_JaffaCakes118.html
Size

37KB
MD5

fa6470f222c93f87f6183d5260888db7
SHA1

c2ab09cd077449e665694f4c27cf64a7dceb0fe1
SHA256

30ce00db2636cda24ae46d8f0c9dd398d44b4cf572322c2d28d10e154a259340
SHA512

445095c290b7737911aada757468328a792bbc7e533fafa33b0f29d5dd209b16b52491c7e331056ab5e238d9dd69b8525c00ec788bb0aa5d0d063a965230330c
SSDEEP

768:B/bVFRFQW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34a1i6781DdRA4vEOjq6h8q:lRFQW81D4RA+vEOjz6raA7IawC81DdRv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4292	msedge.exe
4292	msedge.exe
4768	identity_helper.exe
4768	identity_helper.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 5076	4292	msedge.exe	82
PID 4292 wrote to memory of 5076	4292	msedge.exe	82
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 2264	4292	msedge.exe	83
PID 4292 wrote to memory of 4156	4292	msedge.exe	84
PID 4292 wrote to memory of 4156	4292	msedge.exe	84
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85
PID 4292 wrote to memory of 540	4292	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa6470f222c93f87f6183d5260888db7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffbf8ae46f8,0x7ffbf8ae4708,0x7ffbf8ae4718
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9442614245771532469,9855880632313984491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
724B

MD5
907938dd4b09c38d0c14b1051089bc38

SHA1
6766cc518706ed2bdbd42a08825a7031c3a93c74

SHA256
628d952652b6bb5461074d6014f67402e785a6b0358d8a56272baa4e00145583

SHA512
7c0fc5157f559bf59d510bfe4775ee4e1ddf495e159330c4eabbf734c7fd87c18549af59aecf7e485d6acec00db76f72c6dfaeee31b4748754f9d7940c2c9df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e81032a4cabc81865d1b19fe606c6d9c

SHA1
97d10d37346ec299c7bf0461ed5d9e5e0abfb266

SHA256
d1f60ec9dc0576817595be5dfbe1f8017def65447576cf3ed46414df87bff74e

SHA512
92de9bd551a6f05094c06ca704e3bea715c590d5a5572af57d4b6c4dcea6006a803bdbe8528b66e0d07df8ce00a65f19f296c15dafc6b5f9c05d34fe92c33689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
182bd37288539ee19f473cb000155619

SHA1
be238a55969fd4487df37e005a2d10747b2711e7

SHA256
7779df75f50ce51f0d0feadb95c8c1d86919dd694ffa42bddcb07a9f4b31ee78

SHA512
a1f8c1dcca46585838e079ea941fa0055679ec8781f2e6f798f93d10e6558ea9365f2f293ed99cf3acb5066395433fac2652a0fdd827334ec7365319e0830f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d36ba8ce53a8bea7b3044cd9bcc38cd

SHA1
5bd05cfec85dd71b5fca6396ac4c623acec22468

SHA256
28e3da65cc969c016be5514bd432b598e25009b1478d5d9a62a3dd8c196911c9

SHA512
ca10086a498f9e2982518853ee67c64a2561c40dda0b177507f2f72eda6b10d8bacc64354c4e907adf02c13c6ddfca115f3290aafa1976cea33aa99d723dffd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a37780b6-0154-448b-b8ef-d75096cf9099.tmp

Filesize
6KB

MD5
aaa8403c5a32f1c9419b344d57e1c0dc

SHA1
f7dee37b7a796bee64896ac6d9afd77015971b70

SHA256
5f6d15ffb4089bf99886fd83812c4a570d629c45fcdce93bd58fcb72e197ed52

SHA512
46043fa3992049ffd980c9fe544289efb24c3f76bed72c6b7c00a700593fc1a547598b1df5d799e81236f84dcb10fae05b759f6f5a910621d309fd8a89e315c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a69681470ed57f954cd1ba7770c92160

SHA1
f1604e4647fb869e3dc657888fdeab70c657e64d

SHA256
51c74e144d07222890b2e20afe874d8ec97bf21677f798d83280494b2b42bfff

SHA512
31d75631b17bf1971e92df909d2185bb61b47ed7224ceac414b587fbad6ee472be4061852efc453cde642d83be0484c54bf27a69fedc5c34ede82824d92c349d

Download Submit