62e43b4eabef37a2d51142956ed79d35bc1cca15146fe785a6a276daff2755b7

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 22:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd40189db09170e880df6cd2e6b487ad_JaffaCakes118.html
Size

74KB
MD5

fd40189db09170e880df6cd2e6b487ad
SHA1

15765d967ca03d39b824929edc6a312bd5c55d4f
SHA256

62e43b4eabef37a2d51142956ed79d35bc1cca15146fe785a6a276daff2755b7
SHA512

9b8ecb49498204be86570503f8d802a8a681c71eddb1737a488020b58ab2432809af0446557ac3f937b64faf3b480389cdeaff1f18a3ab8e4bacbee436c125ee
SSDEEP

1536:HnWkADkA7RkABkQ+ZkAX4MTnY/IPT5MxZPddDxKTQakAkPvFS5olYpjlPd51t8kW:HWkADkAFkAODZkA9TnY/uT5MxZPddDx9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
2208	msedge.exe
2208	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1672	2208	msedge.exe	82
PID 2208 wrote to memory of 1672	2208	msedge.exe	82
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 1852	2208	msedge.exe	83
PID 2208 wrote to memory of 4176	2208	msedge.exe	84
PID 2208 wrote to memory of 4176	2208	msedge.exe	84
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85
PID 2208 wrote to memory of 4940	2208	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd40189db09170e880df6cd2e6b487ad_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff85f8b46f8,0x7ff85f8b4708,0x7ff85f8b4718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6911680402818705899,12696636558520511333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
80dd7f346eb85b76f4fc2fd71076edfb

SHA1
7d996ab9bd6324dde298d5152155fda601fd3fdb

SHA256
ab614ba11d8c85f6e884cbdcd06e65cc706ce6848920786c96f3421525a9d580

SHA512
1c5551db48da22f7be0c938f5d5a5b1a78d651a8f47a39be49ebcecae875317ff4455b67267f9cd90c9e849b5f4dd8ff3d42a8e135c5eb57071341a49582e909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5b22e7749d5d64379bd36a458873b1ad

SHA1
916c512b809239626765c8d40e16431448dfab6a

SHA256
7f5e203d1f558aff3c694807c09943a54eea7add6ec3d1425cb4c8db295cc794

SHA512
1f93994e7a8cf0cb6560a4ca2d8b2b290b95a0765b4faa43dfe9f6e54989452a70b58ac0c9fcbb76a97b21ee8a000a98636548e6fd7fec9b158d3eefdb3092d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a792e9acc088f27e36ea14bec60225c0

SHA1
d46101702c8f37d7b8949220b0ed6ed8f064ff48

SHA256
9fabfa452e6f1938661617ec905622562af7ca64bf8f26b9a725c342430e225f

SHA512
c3f11a026d92945f814e7b6b66a0cc12e5e79a19cb9d79c7e89c8e310d9a5d2a8e597b6c9ae947cc1d72c8d50c1a7dee88cc87c2e0e63b1fe643f7c4c0e14361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ace53dcc6e5f48e3da8a5f2b54a06e56

SHA1
1362a4cab1fd4d47de5435505704affb5ea894a3

SHA256
117cae77ef46f4272342ba94a5eff3bb8fa05c466c6b8a2e829d6451e55415c9

SHA512
0918faf0560500e22fef7f78f546274e6bdf2ba2361a92b8bf682d0fbeff5b83a4c8d5f9d4971e7d416ce76f6aa7deacb460e46aa12f56783d73a91af898dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3983e4aceb84380d93e0167c719c66b9

SHA1
9d3d7c3c9e4ba5daa8e3e83a6dcd678c62afdfc9

SHA256
0b635b54136796f8df25e492c0dd30622705ab83ceee049d8f909ce457bcc43d

SHA512
9234888db11c67b54b9f33835463c684528617c0117ac4da8b28354366fda0337fb53e713a6a60a9aa69855d565df8d764276304f8f426ddc3c0b05cef02d8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73191da8e58398c0f73651a875c359ff

SHA1
edde7a9c6bee8270192734c87af03d1f5f086c50

SHA256
a7714419c4650c16d78e75939d5249eee2339e38c2bc23c38457e8ad569f89c8

SHA512
2a220fba8f0c44dd2dc99a5b969f552f0631e7ebfe0f03db520fac0a60e201d20c484eaab496c6086b384d412654c57e491f070da573360319edc195c830ab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
90cb98706b032ed1d5e4d7b0154c99a0

SHA1
e1e6a580fe47ef539fd6168b89323c2c0ba162be

SHA256
7aefdd342aed8d6a297a967de5f3d9497afd15a944b7825e394bff1251885775

SHA512
3423559b5f9ea8539d4f4675e1da4400fdf18e3cb3d8af0a2cc13cb26dc19974b8a379d5af93a74eb461a616b215284d1b0606928eea060a2fbe6f26a24cb0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580422.TMP

Filesize
204B

MD5
93d0a0549d0444254de07f6990d328af

SHA1
fc105b5f92fedfb472968a68851a0814559407f2

SHA256
ce85eeba343fe763f6465b0890c6980dc46293b48f8ed18688cef8735cf3797b

SHA512
70b6d5e11d09adf2b8355de72171e0de4b10336b84db7583ace8e35267a630d0502e90b06b174c1f07f4c37c9b5f9d3f123fccb135ecbd80af9c4ba60a970fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
490f3ab0a5785cbc6050ee26b0a607a6

SHA1
5d681016c9b24210552c85a3ecacb2bd9c961141

SHA256
1a2ba569f184969dda4b63dc528866b55c3379c5ed775a25a39500e433b4fdc5

SHA512
fd099c76ee66b2a7b6e53ffe01333b126c3f0c5885b148b3ba20c56bbe7a7f8d825a89c8db806bd00ba9659ea2f8ec8d227d1406bc8259fd9f9d67a2bb45d1da

Download Submit