cd85608a97848d506839c4c008433c4ce8e647756c80243b3e7bc4e8fa5a45e0

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc6f3ea8c12b8fa6317c097978bd5ee6_JaffaCakes118.html
Size

34KB
MD5

fc6f3ea8c12b8fa6317c097978bd5ee6
SHA1

38886de56c8941911a5246452066fdd467cb7424
SHA256

cd85608a97848d506839c4c008433c4ce8e647756c80243b3e7bc4e8fa5a45e0
SHA512

191575961d5b1e451c78d9a30fe0e05cbdb2f77e12d2357816a7889a109c39d86a8ae5c5930af73d5f0b7739759532a72ecd175e13f4ee8e09faa73f97873cd0
SSDEEP

384:v99D0b1WkwCkbaVSHh6SzbNqmCu/lZbcWO5W04ikw0OM2z4auT842dCNkMn2rfNt:YWkwCkbaYJ20GNrd8gGpZmTDZ0gL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
4476	msedge.exe
4476	msedge.exe
3816	identity_helper.exe
3816	identity_helper.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4360	4476	msedge.exe	84
PID 4476 wrote to memory of 4360	4476	msedge.exe	84
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 2044	4476	msedge.exe	85
PID 4476 wrote to memory of 1788	4476	msedge.exe	86
PID 4476 wrote to memory of 1788	4476	msedge.exe	86
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87
PID 4476 wrote to memory of 4948	4476	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc6f3ea8c12b8fa6317c097978bd5ee6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcac46f8,0x7fffdcac4708,0x7fffdcac4718
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12579175550987220986,9003870437351242299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
313B

MD5
b7fa3417a8d844b399e8aea0d508dc6f

SHA1
d73930c862e23a5f3f3d6453908cb145864fce62

SHA256
78768690913119a1fadc879888d0d0c77973a0e82c0828c822eebfbd501618e7

SHA512
95cff32d2c487827f1ffcd34689ee5f213d910e0281ea749234ddb1fb3019f9200ce6bc159227ea15cfe4ca5a02210cf72e448cd58149953d071363208e29186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b581faeb68111e54f541dc2624982063

SHA1
4d8f254e941559d7dffb18f96cce3f1d28a71ab0

SHA256
4fd7679cbad5f010dc07ddb61017e12bc667d82bb35c607612a9bc0d01c40cff

SHA512
9a18f056c6526f9f6c10b081d280590cc9cfd67025bb145602c1dc6896d08a1603a6817a9d9a4e573fa927d2bb974f7d4aa998c6e87c934f34294fad7ada8a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b67678c86eb6ceae4d6b8aab40429b4

SHA1
f9776ae31f4bd48509f8fbded50cffd8c2266a9f

SHA256
ac7cb167201e5f3c92e20b2b0d218801518241540acdc666a72af60198049ba0

SHA512
c7fe4d85104ef95c6c7dee9292862e0768a256bcd2c1224a9521f2aa3ced9bdd513a5d8a0aa0aba9f00a14cc3b9ebf08b75cf11f342a443e6017bd1cbbb837cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f435c34c7a8c9610ceaa97b0647c6a7

SHA1
7dd5c6feee65187429768bab04d5e4a7ffc9fdf9

SHA256
d7e35982eeafc17f9a9f8198f0ed37950b192d88174c76cf5b88865612201590

SHA512
dd96fb0d5ca0b7a94d9f4cb7dc37cb47055eacc6b90d42d48bc0841a094542d2dabb4e2da5384314dcba2df00865e4c766a688f3257b24b7e4af9b8e5c100ae3

Download Submit