c43f8ba6cf3d90798f298e833023e2d9ebe60bc58ef25411aef6df882ff250b4

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 14:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc7cf963971e86d246cf61e2badfb1d9_JaffaCakes118.html
Size

62KB
MD5

fc7cf963971e86d246cf61e2badfb1d9
SHA1

8ee68b6096c0dc36442aef929dfebcdca10ee1f4
SHA256

c43f8ba6cf3d90798f298e833023e2d9ebe60bc58ef25411aef6df882ff250b4
SHA512

056ff68a9a8d984c11fad5bf9c554f87138ac47e3a861265105409a8e97a740ad2ac358dc3fa1e574821e1bac1cf0cca3477c9d69d058b9c92b427971413af04
SSDEEP

384:3gs/TWhzcLB63idlOZsrER+ozZ1QR1ZS1Axzk1rzF1ytH+5tH+gQ2dnhw7sghDVU:RyhzcL1+GYwxRFOlGL41pyibqyN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
3160	msedge.exe
3160	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 1556	3160	msedge.exe	82
PID 3160 wrote to memory of 1556	3160	msedge.exe	82
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 2212	3160	msedge.exe	83
PID 3160 wrote to memory of 4184	3160	msedge.exe	84
PID 3160 wrote to memory of 4184	3160	msedge.exe	84
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85
PID 3160 wrote to memory of 4260	3160	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc7cf963971e86d246cf61e2badfb1d9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8d7d46f8,0x7ffd8d7d4708,0x7ffd8d7d4718
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11036474807755808762,10765190721523401796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
752B

MD5
67d33a6cf4399f6d9440fea18274b208

SHA1
577e798e6a640b5cc33a6d0a28f7a342ed0d9942

SHA256
97313f962e45563ba548ce8e160f3a385cce09ff73549191f678877cf90ffe22

SHA512
549fad1dcabaa5cfbd63439faeb829eac31b804af8367bbf8f99332dd9a3d09b7f6aa8d18c3331f817a52913edd5c18f6c58b2e35f40d0c5aec71176a1fc7db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
acb8fb0285d056d6f77a183ffbe155b8

SHA1
ad9390f0948fafe7cdaf8aa8c993bb17bec85c70

SHA256
52563b2ddbc61f12f7df95f704c3a9e0371a64ea47e325677172d1a9b153cbcb

SHA512
0b46c99acde4ba70ccbca40d4a2a5812526d1bb5d92ed20450d5065bceab2b99674c9ff8843b18078301802d0b538427aa0655a9ae7715b84c9ca2b03a0cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82d910c45d69f908388ddad9fc669058

SHA1
cf54f0852f0f98074a4b776fa4c62c095b4f0cbc

SHA256
ed5d0d73fd3371e2723b567e7e652d226cd8ff41d602df2842dc3cb6c7c9dc00

SHA512
a6f7e5ccfe9ab7be6a2a476366cca38256ceffd21359cfeba06d46eb2e73fc5c09bebacc70ee6ba3764734637d6a0b6be2de70fe974a340fb9e912128538b655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07463d857881f02a7e80db6debd6804e

SHA1
44c5ba0d9ab771751e93a8c520898ff193a2c3b7

SHA256
083fb153d9357343e8cd1cc68ea23c022ce69fc60714a64134bc9aa7833a5448

SHA512
b6e60fbab3131c8e0c3492bdb1272210ad0f9bc807b5ccd2bfeb306e5ef12ce338051428587dfdda896eebdf81136081569efb53e2e6a314a61ccefba6956a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3555b5e8bfe8aadb6725143b6ea85cb1

SHA1
54d14b0ae43c418ccf1f6d3685a1feb7b4e634b7

SHA256
59cf45d73552f0559ffb04645bf469351f2543ff265312ab5b430204f00fcb41

SHA512
b1a2e30eadb08168583a3eb291049447c4d61aa9d59ab08f0586ebcb2420dbb7559c1f9cae412936797ec3c230b42b49dda5dbbf924868d424136f0bedb0827d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580347.TMP

Filesize
204B

MD5
3380af589f20a40e004a8db53fed1ed1

SHA1
cd9bddf354cc1b54ed05a1c8e150656f9f6ca8ff

SHA256
e12ee93b7af8d14f492e799168410c081e37032a4ae3c4248a4a712ddc59cc4d

SHA512
6bba85e01c11fa9b65b2195d827ad8865d58b19233b5242d19597ae9d9e29105134c12aace5e72d5b93e203b650eba368c89f9602438b47268f101b52366a476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a272b70391fa1c43784733846bd5c62

SHA1
7a35a87afc932c8964c132e161242097cf08ba22

SHA256
659de67fade4507ed18547146372611a678f27ad7b18b4850c52fc86c923939b

SHA512
a87d8e53cfe8e6711fb6f80c76a5d84d559eb3853f35092d06d70dd128067ef689c06da2f373582d57aa60a8f98587c9ea1a7748df8c136bd8cc36a01c33cc93

Download Submit