1ab7a58ebd186d33a3906df7a3b1bcea51664c156d5df036af8710d4194dcc67

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
Size

55KB
MD5

fb43dc2bd64ea993ddb0559f2776e1d0
SHA1

52e6f7baee5f290aed4847d8f3db86d541159852
SHA256

1ab7a58ebd186d33a3906df7a3b1bcea51664c156d5df036af8710d4194dcc67
SHA512

1d2ef0c7b548f0f6df1d86f20ad984a43fe7694dc6feab623219ddad5477dad43293cb667de3c817176d8b32ed15f396e315d45c95444e70b73a45899c050fec
SSDEEP

768:9riepHvvCIooFPlFMjEYL0GtRqY/DlTxkgV+r:99Hv7oaPlSjEYL0yDlT2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4956	msedge.exe
4956	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3828	4956	msedge.exe	82
PID 4956 wrote to memory of 3828	4956	msedge.exe	82
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 2328	4956	msedge.exe	83
PID 4956 wrote to memory of 4320	4956	msedge.exe	84
PID 4956 wrote to memory of 4320	4956	msedge.exe	84
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85
PID 4956 wrote to memory of 3708	4956	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb43dc2bd64ea993ddb0559f2776e1d0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12087334512896292336,5907261113095504127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b31f4b8475b68959f1a620a11bf6f7b7

SHA1
5788ec401a55f95764fdcef6494e7b0a37ce3f8f

SHA256
18509552486cdf1395ef057f030c944d6bc43afc100a9178cba340bec3534218

SHA512
a45217dc5bc36ce022293c3a617444b040ddeb536786dc42cf76cecb719e5cc470a667f3ac41370ccc5046d4fdb20da411ca1c8163615115a522db53d2bd0161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aede5a6c91c0ba912314fc429201c214

SHA1
f69c03472148b5e830290d2005c82506fd368863

SHA256
6c1b13750852ed359a9baedcb5b1fcb3bd5c1a9e6ec590b8a8ec6d4ff392ab79

SHA512
815c7af951a04aba6a4c823f54aa43e22676001cfadadea7c0655c2f6ce4af59d1d597678adff635bc48f52bcf4f0218dc87e6e29311150765ba710dae64343e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d86980ff467f748d7c9617655d4852d1

SHA1
b2d701ea1840ec674df93576cc3fb00c1b723abd

SHA256
54862636c1e69fefa21f5ef049cb7c83f72a562a900dd62bf9a35412d6a7e87b

SHA512
bc33eb3b45eadd1372dd7af1177cffca0015b901c12f417dff463f73d29e0eaa73b4c165f12919c6e27c6308730389353353a19a94cc173ac1b3950932c5c014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53d5875a85147f7bb932d1f4c6ad9ce8

SHA1
1e169351bd55cb4eccf90e65468ddb6c46e04d27

SHA256
d2bcdacdb1f6f99d43d8d9363c9d8e80783744a242cd084d52b9fe14c9f900ad

SHA512
e6e14d8bdaaf8c04c409336d4b7c68ac0ee8ea2798b4f317fd54fbb0d3093c8daf374478328006f4d5c7e5b4b01b16a6612098a816a155b1bced6c0c1221ab1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c673a03c5c47bc8c8766b83d3d855cb

SHA1
290d1f29945182d47d05c6d9fe312894d70187a7

SHA256
3abbce44b7ee0aa64c9de29fdc3f15a4104b64ff08b069c69620df060d1b608e

SHA512
4d23a16041c0e40902ed9173693e2cd1708f3ddb1aecce5112db504978d3763d3e330542aee751dcb909a71f5c5a7cd5fddc3131ddd49915477209f2131966a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
251a0740c447bf3bf3dbdb59957c1437

SHA1
30c29798465e20ff2b9e549f395019b4b9561071

SHA256
c2f079d22823ec2d655318fc30e5950a533031d95971d891dece64b688b3a6f2

SHA512
2da59718e271f7bb024bbda9ba60219761df6b643d3fb5709f9d5009ca0db2e81092b8de806ce9571661a82f087ac557327466e09a82a8e9ffcc89265b9c9cc6

Download Submit