234b39b6d1273907b11413781ab04ef1b60fe9f27bdb6b2a8c353e328b1b40fc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fab7a47675b842c905e3ee1783a64357_JaffaCakes118.html
Size

40KB
MD5

fab7a47675b842c905e3ee1783a64357
SHA1

c94e41afd0b7bcb7e2156df076ff6ea4111d902c
SHA256

234b39b6d1273907b11413781ab04ef1b60fe9f27bdb6b2a8c353e328b1b40fc
SHA512

bce65df160a60d7fae698c133d8e9be6b7a33edb4ce698ecc7d700fdbbff5afda29454ac53cbca22acddd24a3c6d426bdb882741988f2fb152da3a3135f60726
SSDEEP

768:0ipA//9sYjF7JB03QpEzhUt/ibwm22PQMt2QikovzNMSgl6Thd5QA5yG7bKhiUWD:0oA//mo7JK3QpEzhUt/ibwm22Pt5gbNp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
1812	msedge.exe
1812	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe
1812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 3972	1812	msedge.exe	82
PID 1812 wrote to memory of 3972	1812	msedge.exe	82
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3984	1812	msedge.exe	83
PID 1812 wrote to memory of 3508	1812	msedge.exe	84
PID 1812 wrote to memory of 3508	1812	msedge.exe	84
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85
PID 1812 wrote to memory of 4464	1812	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fab7a47675b842c905e3ee1783a64357_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17582721302057300454,14552907946008287576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
92KB

MD5
61036a19e45debe3d07de002541a8996

SHA1
dead6a7c3e919b46bbcb78fce20cc6170d375505

SHA256
1b3bff0da0e029868ba1aab419ca36f907ee4903283cf7c30617d6065cbbe88f

SHA512
8cc58a8bad8e91f6a0f02467f3bfaaa997722d7d636c8ba123a4859dfa0ee0f1bb848d3f133649e9341e88c2e44cbac5b24399ea8976eae7beab970b37176739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
36KB

MD5
7a6bf12e575a39a6275508532836968f

SHA1
2929d7cb13c1fc06f5f85ca1836a18042d4c912f

SHA256
b6f0568ebe2f4bfab44cc4ad04d2c17b3b9e7be8f0e80da48765ca946d93e17a

SHA512
5532165a578030b002391059ce61b3f647cf8eb8a0175c124b111e09d8d47835027e0d5d2a5e0a8f7e80e44e17858861500a748f368728e0f065292ceebe0924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
4a00413f8337be010e5baa21fd7c9bf8

SHA1
72152b8556ad467cc71e046de94c697440ffee2e

SHA256
676699080096db8219ed96c107db6179641cce8d7e85cdfe7f37304c39675122

SHA512
f134e4b752987bac513b9762fafe01d8ca1a5f2c4dd2830fe71fd1321f60acee866eae260a130ebf61133b90a0ce4e8366f4fea3284ae60113ede3c424aa72e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
596B

MD5
8f7285ecdf1828c88c53809286019142

SHA1
78fd540569eb310a9193f06fe3838f87da50b385

SHA256
c182c5c6bb2ea2b58b26b8f5b7b3f9c414ffc0abc4bc780b704e2300a01700e9

SHA512
db32276d1b7a1168499273cadf13e422815508017e1db37fd520deeaa87c8c67c5e83135bf0c03a1b5d3707def3d1c917df4a244b31c0576c2b85bd3d711e9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1f34fb6d888432bfe777efbc1e3a2d1

SHA1
ccbedfa40b75a8e59cadf197b8ec1d9fcf8db514

SHA256
0bb67a11e82f2e226afd7eb7cbbff6b7e2e19022b4bea9f8be433ba80a4c5895

SHA512
fe647425fdfe7c3102b5de86ac7fc353d8091463af38b834be89288f7a3dc65f70eecff2e2c1c277bdedf23c409139e7c2290a918ab2f65efe4bcbbe254f6ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
207a5836c14bfd023871ed6df24f92ef

SHA1
f683f5b08b7ccc93d2b5b2a1199c6f216e841560

SHA256
c98ed9951b1dcb3cb1b922ae8f4bdc2fa1307cf51ca2cf3cc689b5f71ae234a0

SHA512
6f153a05e856deebf46997a22d90f188ca7c5d2231fde44b0c7c603d0e16ee1103df77d6ef3a8b2a9f270959e157aa16dd59a522b2ad670acee6c5c66a612d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7d9c126c2c860b98020b9676ac0f5ce8

SHA1
e59e30e9594a7f2280c4963e2121bf899920e39e

SHA256
358a5b182e9007a7589d0725bb84e58de18ea7569f94e04fb2528aea8d7647a7

SHA512
b2120e2404e3d520206db6adb1ce2f804426a23cf9195bd21d5993ff4d2204de77027b37ce4ee02622b44f2b5438ba9926c1cd23ee859cbe679c9e91666f485c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3ef782ba8ae8493ec30b3ad240a0b4cf

SHA1
598683db67b1e6b8950c9f5624c3c80680457490

SHA256
a27555e7dfabc0e2ed4e73e8f76dc74360c570f4247053aa64dc1657c419c9ed

SHA512
73e04c0d245e0b23c4ef4046cfed6c9c0716d5d06a357b55b3c8e1a45e8ebe954d143b2dbceb3a370bcfaa4acce9c3ee516617cfcccd06c24296e4dd9d17be0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c7df.TMP

Filesize
204B

MD5
8b87e85bf9ee1171d81965b75f7cb81c

SHA1
e5297aa6b057eb0939748fc53283c240e94b206a

SHA256
1be2b791915221f5c76a198b07fb254d5c70a29cc4d201f99de2e4a0a3a0a4f0

SHA512
827596ce4f528689a3a508acae29d0210c3ec67232eeb222bcd461cead7bc6c6409020c488bc92a5097a0263cbca67f9f50f0720a15180f91f1d2da8e7d7e334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14279eb4505b117312f2fec8f65f4055

SHA1
aa92a8ff239238024d0321576d38fb02879ac641

SHA256
4da6785ec698dc950825963fadfaa29f38cc39d31a6dc22798cdf4248cdcc5cb

SHA512
48b05b2cf18da284100491b8255a847ccca441fe9a94621244939af3e1f333bf20f13ec79ded504ae76493dc74b12e023e09d0f55f9299973cb36ad686d5a9b3

Download Submit