90d333fac23818f496bb88a182df6ac3607dadaa5125e21921ee91649e4e760a

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 00:42

Sharing

Copy URL Twitter E-mail

Reason

Task went missing from backend

Report Analysis Logs

General

Target

fd77dde4349f165ba382bda63d9c85bd_JaffaCakes118.html
Size

103KB
MD5

fd77dde4349f165ba382bda63d9c85bd
SHA1

4e51ac29fa7d2c329b53fbeeb27eff3bd89fe7fb
SHA256

90d333fac23818f496bb88a182df6ac3607dadaa5125e21921ee91649e4e760a
SHA512

37e4e60582a73bddc4b9af1cbb7b3c5fe2fd909de46058d129d23cf23f554df2655aac0d2f8a4980a385ce31158ea35fe802049e8bedc1ef4679d76f37cc76e0
SSDEEP

3072:S/D8TeCTmyI8cqvXkqCVzR/78B9rCX7Cezs3lsS3GbT:48TeCTmyI8ckC7oo

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
4712	msedge.exe
4712	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 884	4712	msedge.exe	82
PID 4712 wrote to memory of 884	4712	msedge.exe	82
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 2780	4712	msedge.exe	83
PID 4712 wrote to memory of 1916	4712	msedge.exe	84
PID 4712 wrote to memory of 1916	4712	msedge.exe	84
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85
PID 4712 wrote to memory of 2660	4712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd77dde4349f165ba382bda63d9c85bd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb3846f8,0x7ff8eb384708,0x7ff8eb384718
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14713849486910398364,10545308918940573628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ee0a4dcd7dad63e094be539cf0a7d54b

SHA1
9c916513dcbebe13871435e2cbe48f1175ad32cf

SHA256
83fd01acfeeeb1eb295751383d2f73fa2f68d677b9a91a9f63ecf0c23b2a969f

SHA512
34b58ef4105e7da52276152dca24f1744952f8967cd7189dd13005a56ce0569d13cc8b66b8992d74b8d8447b261112034d077d5b3a7560a420ad3181caba198a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4e7c98f7a46301d806599554acae10f2

SHA1
a546904450b8dcdcc389a3bc35528e6b3482e5ee

SHA256
43d70e2c6a9aa58b77f72337acd54ec1e94b11bc5e309fed32ea8bc679fef0b7

SHA512
2047d042165ab00016d7a26840aa7284461b406c8ea96a3112845e4931ff66f960f564890d6c3de78aa4ea278a1a1fba6b65dbb906a79f6b0b66baab11e3be9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
52287f5c654f9adcc6157c769caf664e

SHA1
7914965cc1eb0c0636de5316f203b48b19b5d84c

SHA256
2d55944c3881126fe5c4c842b8017db02a37d2635a35b17751f7e2f05c32d5c8

SHA512
ac6ee086b3084888d84a7f2bb61a7142bea4fc8080d61984db14deb08e1eb34b057cc16fd17d814f6d482acd5b7b1239488e7ea8c1f0a7adca122df5517ffab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e42c09702471089911e8f25fa191b20c

SHA1
7494407e1b87f7fb5fe1d8af434df7ccbf84f8d7

SHA256
8f4cb37be560512084c1e9c9c6b78d06c7d7675a05941d3e8337e575d8d4dd74

SHA512
79f2a1f9b56d1b860bf55667ad0ad40f598eb42128fc67af5f7f7603f759b2a1c48a22a7f4a2eb1020416da07a9779f071ce8cce6e5a46369a12f3f34514a865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
069809365d3a66395fc6cc6ed848c042

SHA1
40a9d1cff0ffac5ef04f84aa41f19402d7070ce3

SHA256
39c0f959a789107b5302bff7b80ee7b96213404da9dced9f1e5b04d41229ff1f

SHA512
6a25e1d32c9506e2050acc9920174267e29d91390ec7cafda53d7bb705113cfa22e67fa671f69b5776eef66c1041b1c306bbf14c44bb645f6648ddb9ac36bcf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f96c1c2a6cbe0d5d9731aa06c20fe7f1

SHA1
be3d93313ad3faefa438aaac20e4ce1c3b03c5ca

SHA256
f0eec900b79df14cf82c5dcbd5e52df4573e7e986362c895493df37ab602e3d1

SHA512
a765958c945ece5efb3cdb16b21c09741d66982c219f2d84fe8e16c76d2d45f6517fc37a0f452d35be98d2347f31fe40b9e8c19268eddb39cffaf94d7bb3181b

Download Submit