b25c445a2e128ad14a6a6c97548b5ce3db772b7ddc5fb8df509bb8e1ca4c5805

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fda3f157779511a402df8ac01107b444_JaffaCakes118.html
Size

249KB
MD5

fda3f157779511a402df8ac01107b444
SHA1

b9865db886ea5a8f94c64483799fb7f9243b8c8c
SHA256

b25c445a2e128ad14a6a6c97548b5ce3db772b7ddc5fb8df509bb8e1ca4c5805
SHA512

2b2b9030352310a8fabe3ca1acda3da5315ba546b2092c8317a50b44df0f12e25cece03ff20799c55a10eee323c86f48d03a04652b81dcc9824ab574118b2701
SSDEEP

3072:SWyfkMY+BES09JXAnyrZalI+YhyfkMY+BES09JXAnyrZalI+Yws9:STsMYod+X3oI+YksMYod+X3oI+Yws9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
440	msedge.exe
440	msedge.exe
3852	identity_helper.exe
3852	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 5100	440	msedge.exe	82
PID 440 wrote to memory of 5100	440	msedge.exe	82
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 4172	440	msedge.exe	83
PID 440 wrote to memory of 3320	440	msedge.exe	84
PID 440 wrote to memory of 3320	440	msedge.exe	84
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85
PID 440 wrote to memory of 3800	440	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fda3f157779511a402df8ac01107b444_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbe2f46f8,0x7ffdbe2f4708,0x7ffdbe2f4718
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5484584222858090273,3522568118000422107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb1b36386540f813e103a9f63548a7ee

SHA1
a402164c0d8c069ae13db0473288b929a70e5979

SHA256
b5d65938db609c96a62661cea301deeec6369037193de4b576d09bc2025ed8d2

SHA512
f3b99f881bcfb8b882429767d9464b8bcb09b91daacbb1201f52b461ae83ae79536ecbf922321dc71a250821c7e540d357ec66ce41150d772e823fa95a7ac4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ee38af82403ed91cbddef7d8228c0fd

SHA1
eec1c3941026f393852c895dcf880a86f65ea80e

SHA256
9fea5d6555fab355ffd6541708258d130cd5c83cc45edcf48788b848a5e9041c

SHA512
4340ce1e6474d0168b5ea17359770048926c5953e9811ceeb9c9bf6822e96ab3a8f611c439f18b9816b9669030ed8f3aeddf1dd2078848fcf425ef439325fc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe5783f5.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
848c1ca48dc01de58cf8618f399f046a

SHA1
0d203e9dc00d2a74e00c2c5260a4f02aea49febb

SHA256
242967d1e0a9ffa95267e685e6f9afbffddc4b1b7617e50657a94a8f2a8a0254

SHA512
06314574593e350f93f5c0d3b97dd557dcdc56056ccc23272761983f5ebc2c3bc1248434385e3ab5c95eed8ba5d50d0959227594dc88eba624ba9e8cb0c8ea84

Download Submit