227e4a1c2a6a9cbd93aaed86ba160916ff2e54e6f7780447ed3075d8e6e81d8b

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0bb1888d643ad110b022099d410fff_JaffaCakes118.html
Size

42KB
MD5

fd0bb1888d643ad110b022099d410fff
SHA1

477dd8343a4b50a53e9ad8f1b606b21830662ed0
SHA256

227e4a1c2a6a9cbd93aaed86ba160916ff2e54e6f7780447ed3075d8e6e81d8b
SHA512

217466cc5f8964c0cec5e76a526dcf80209f5e67b05332847bbf520fd86a0f2c164d6be789f9b68450b26d347ae8a3ec6bc60b79235f886e224c448453c50fd4
SSDEEP

768:SiAjXm6JnGGxn+Bpv/KHxxsbZ0H45YmoxTrzVGwazn54:SiALm0f2p3KH7sbZ0HcYmoxTrzVGwazy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
1172	msedge.exe
1172	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 4444	1172	msedge.exe	82
PID 1172 wrote to memory of 4444	1172	msedge.exe	82
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 1616	1172	msedge.exe	83
PID 1172 wrote to memory of 872	1172	msedge.exe	84
PID 1172 wrote to memory of 872	1172	msedge.exe	84
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85
PID 1172 wrote to memory of 3104	1172	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd0bb1888d643ad110b022099d410fff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff88fe46f8,0x7fff88fe4708,0x7fff88fe4718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15779145094659005626,5517173127397676380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
03f02297c82f51af73bad6c2809d4ae4

SHA1
8b4424ef3501d3680503452b00879edf5d9c30f8

SHA256
622632e707bba34d5a8bbd0312b8f709db895277a4d79c14bf89f1e8f240f5dc

SHA512
fd8720024bee7c421b4c4db678a5385259a727f53c33df608ee4eba338cd0e86c9d1ccfb78a9e9807179db755fc008ed5f607fae011a449d34c121f74a728605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
80KB

MD5
f3f5c7898ea319673cf58bf191c02df7

SHA1
5a4f60d6f704a1e186b71c1aa872015a36075d05

SHA256
d713ee32f58f4f910c4e9bcbe2d1f1ebd1a5e03186b4e8dbe0af23d238ea449f

SHA512
1d994c3f99ba62c75066e054d628b82183c3af28a9a800fbb6f31feb9cdddb9322bf5b0cf758383cd8654a6c0d3c91968a18cf0addd0b37f15598be0219edd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
29KB

MD5
0213fe30e5966eff0b8c4caa19bbd6b9

SHA1
d39ae40897f37903c4d8f8ef50470f10da474de3

SHA256
f02a11192b7f9e90f86a3f655e80b83dd7046ec5e22251936b3e1c7f4ad1a1c7

SHA512
e6da58c8210a55255e6da3f728becf07b46795642e432e25effc6fe8012b87759592cca467324b0daaaf393e516a039ee3369773828d51a21fe5d677a4de9a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
120KB

MD5
b3a564a0eea25267a4068880a458e23b

SHA1
2bc4a6e8b46af9efbe506cdbd745d56eb31050e5

SHA256
7591069e8f34503bda03ec489915cdb6d9ca27071915586dcd3f00ec7e2a7708

SHA512
9288e06cbd608b3e57534503de9baf13de1661194872cc492055c8cba53cfa1770dcc80e2ab90e11eaa644624d25950aee775b068f9f17bca1c948c84a19fdf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
0a6e7149e407a69ff4e2c407b9b46171

SHA1
997cd8be748401e36aea05340cf8317a35a20963

SHA256
4d6f9a959aef60b10b8a4a2f7354fa6800ece7d5ee8e473ecd2991f8b3fe93a6

SHA512
d5a6117ac9da5101c93ed340e872bf6693370efad13b8fc4b69ab147ac5af72580f132276cf3ba83e1447927a2bb5cec5d2aea246dd1a1530b8c9f36c13d414d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
136KB

MD5
88cede0c859dafa99faa7d409a53d13c

SHA1
621c6d699dbb4c69e1395cecd72b2db521117d6a

SHA256
81b7d1db8babf775fa7a0f2555b01ae5110c25f5e7f4874a76c3124168b1d856

SHA512
a55cae5af7d23c13ef2dd2418504dfbc86f13456e8ba56e5c2a08de69d32fa219e588828ab4164da6f6acd418300d8abf264ae07f312c193382b92c0539058fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
901B

MD5
c7e724990faf101d51d7ed5f585c18c1

SHA1
f6e18961f3f08a3e402c144b3a5aa3b34baac9e9

SHA256
42a8281a184c2ccd7daae15f2ad68fb2997a54e6fa8b26912682f40abd131003

SHA512
51b4fea522a3100fb7be1d3183519b1220beac8bc35c4b1b0a45abf3cde7c321e96d19148c2a240591bf4a7263009a72c75eabb77d1a968a681b005525ca6ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b8c4dbffccad47c30c2111a8c76ed85

SHA1
d21ef7ec0d9aeadaa56ea913a7f8d678a3293f8f

SHA256
8f0ad60271fd4aec2ef3fbdf4e85d3ef0f00c1f1bad5b06b7c382609c93974b0

SHA512
2d0e2c746349e456b536a4c2289609b17f0ec1460f6331fb20c9ef3df3cac4318fe3efb246119389e20949509c445d63ddf8b8a0e59bf76a421c75c96313b9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fc97a205fb506cbe14be6b97385dea0

SHA1
bc08a11a698eb8b2559288c5cf7c82b41c2915b4

SHA256
0eb97a02561f16c33637ba4c05f8fbbdaec9b85855904a3c764b517c4ab15f1d

SHA512
9263e17f77e21268b6b940029b70212e0ddf32bd7c2bfcc49d0b0ce177946a71bfc39927e52e18d43f94df00baaf4a70ea87a99e4d990fbcd56acd5a7d525de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1f32146d22810d7f6d49ebc53ff920b3

SHA1
7daa5a5b2aa7fc9a558eff2a449a272731d4d393

SHA256
6ef39ca6e7e776f8b1b4fc4bab51c4f651fb1059fd82e71ddcfef9eafba1d813

SHA512
b9fc156e015345709fb7146ac1d79c0c391c646d5e5308234c1067b275846ebc4453e0c757ce311b73235ed589589dc9aee86a6e144827f1ab55de55cb317bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3417c72ed452d054b0d29dc6e555ec69

SHA1
52930cba91b7a6346b499bc5f6f1395a623d2ce7

SHA256
e6d7a31c8778f73293635ff8851e3ad6b16d349a3a7fdde1655904ab5d0c60bf

SHA512
f98b754c1d9fe72dae71633ad5531f263629cd383a05cd0724d49e83b0c9114d23a3ab62d0f39ed930b9615a8b86c170e419c6e5381963fef68868e63e525047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bd40.TMP

Filesize
706B

MD5
658288587c0d4ce7ca89131f187d8574

SHA1
333e1d16efc746e470914dfbd7796248965d6678

SHA256
e6d662d9701550fc22a16c7ce3301f3ec53d942c5cfc0b2ba7de07a698fcc29f

SHA512
5204e52ca5af31eb075c366e5f7f56886fd1f131ef5dfe3948c8468584e9716fffcd61e5a682f4f7cb29d10347b6d52a47fe9f08ca32e11339abbac2236db449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc9e3e72a89dafa9eb704eedd9acbdd2

SHA1
5b2121920b5f829fd2eb5847cc458b9ad1763c3e

SHA256
5ca0f86ca731afbe5c4edc66134b6d2cc45e6e5cd08d8ba82c49eab57c3a8f14

SHA512
e6e845dd941bd7dd2753d24b0cfda350370e96f01754e4331b50c40ce12a44c62eb9a76e7ca05fd654c3de33c6b29e01500cb6e83856f354b7872f325c63d529

Download Submit