cf22d0f830f063fe75f62e7d6c1e8ad0cc513ff8bdf1cfad96e2682a3d7941c9

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff61ba616128e83890801e70a2d92b2d_JaffaCakes118.html
Size

53KB
MD5

ff61ba616128e83890801e70a2d92b2d
SHA1

aea8a15c34877c3abef7d2cef51a2751dca52fa1
SHA256

cf22d0f830f063fe75f62e7d6c1e8ad0cc513ff8bdf1cfad96e2682a3d7941c9
SHA512

a70048a238afd8855d12c877ddbe5f394589df8b2855c954c084b3aa594b2d7ecfb6d9f805b2a8c6d07c05dab8a6df2dc77193b6a6343c685d2d795c739c68d4
SSDEEP

1536:zEijZeqLAEijZeqLGc4rsVdkEg80pk/64VWg:zEijZeqLAEijZeqL94sVdY80W6EWg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
3200	msedge.exe
3200	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 5084	3200	msedge.exe	84
PID 3200 wrote to memory of 5084	3200	msedge.exe	84
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 1292	3200	msedge.exe	85
PID 3200 wrote to memory of 2060	3200	msedge.exe	86
PID 3200 wrote to memory of 2060	3200	msedge.exe	86
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87
PID 3200 wrote to memory of 3912	3200	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff61ba616128e83890801e70a2d92b2d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd582646f8,0x7ffd58264708,0x7ffd58264718
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9140137437618255445,695797756359758067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d8b6711c16772a8516d51bf21d2ff14a

SHA1
e12edd5d3fda08ef91129857a85b0842c4d7a5c1

SHA256
d59c5afa4063817bd44ccf14d328f519e4709f9fec992a153cb304cc13362f0c

SHA512
0f676d48c513d1a2753718e708e89405da529c283de5cacfa85180e514048755a8944fd6c5aa74c9e555bd181709c82fdb891a823bb16b80c87757b6f5af9944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6b02369d9fec9e0a986d68ac05267102

SHA1
4518556c9b9725bec178f3248ebc11531cf346dd

SHA256
8c8e26781d2cc398e93be7b3a200c6bd79d803b3c6e6cd488d285a5694b02948

SHA512
585449dedc28de24a86c4317d9141d9c691c9e0ac970d3690d5fddc5ac7a1743c6aa6863146c714fe2f687aefeb74dd5df761c59a173a8930ca209ed31445550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0eceb2138bbf585233bd63961e5f991a

SHA1
6c05c702a785296a48d149bde63cdbdd397b1229

SHA256
b62eaca31b72f7d18170b2dbc3271e5bc72867747e3c1d05502604d02a1b6e9f

SHA512
c5641390aa6c55c6d8e3764620b38beb5357eea2c12586fbe8350628390f9fbe4739152cad6becf9eb0b1cf658d22ce34b9409161e0eed4bcd8b2afd7aad45c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ce6218c997f6a68dd16d7a58b6d583a

SHA1
006dff8f3d707725ef47d6927399725393e511e0

SHA256
9de8a38865624eb1ebec8a0151c3763860cf66236db4540c34a17c4394b47874

SHA512
abdb14ad2cd91ecb663559fe8e8382215ba62c9bba9b7b9ffeae2b452328b1ac78991262df153ad7cb110d5d31fe48a484dcb21ebab33bd701ae47a0806d86b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
941ede1aa26dab506b038f033bd561b7

SHA1
6bff3c3ea197c93b1a27886fbe0aba8b9313a77f

SHA256
89fc8311c15f38a926a16a5454fc18baf9c8329ca8d9f135d35e2e0042e215e7

SHA512
0f209bedcc7d610d682a1af4defb41545d8b0349b9b21547dd30590e92323eb4b99c9b0332dce5d256cc14532e78b70e9d1dfb991c07f969853739731374d9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f6d1c18efc472981fbf49e626d606ee

SHA1
59d1adcd5563b83659c5f7fdb3c38ac6594660c2

SHA256
9c514d405c0be6786bd9487fc219521c1a419ad0a526c4cb6f301f3f798b0a97

SHA512
ec3f3015b651797ad0bbd0a18b2c7b7391efd31580925bbbfe5076948ec8c6c396ce0839066e433c7a930acdb485421a5f0e5ff36873e318cff00c90df2d3efb

Download Submit