e8ef9d540662365547b34ca1a803619aae04576bd0a638cef6ab629c943a56d2

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe33fb7dfba25d598ea79c7f67b92562_JaffaCakes118.html
Size

37KB
MD5

fe33fb7dfba25d598ea79c7f67b92562
SHA1

63eedd0ea85ccbe30cd9804922ac2d6ea7c0da5c
SHA256

e8ef9d540662365547b34ca1a803619aae04576bd0a638cef6ab629c943a56d2
SHA512

703bbf38093e8ad56cfb3db947562f6c2da334da5997322dd4a2c590e221fe6e43bfcc6430da49c6e88bdde9945409138f265fe920fdcc18212c2c6b79e6ee36
SSDEEP

768:azbMzpGjIqdCkCVCvCvCPCPCCCCCyCyCpCpC1C1C1C1C1C1CWHLt4x8BkQ:azbMzpGjIkBEwwaaFFPPwwmmmmmmjHBh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
2788	msedge.exe
2788	msedge.exe
4564	identity_helper.exe
4564	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2292	2788	msedge.exe	82
PID 2788 wrote to memory of 2292	2788	msedge.exe	82
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4896	2788	msedge.exe	83
PID 2788 wrote to memory of 4868	2788	msedge.exe	84
PID 2788 wrote to memory of 4868	2788	msedge.exe	84
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85
PID 2788 wrote to memory of 1412	2788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe33fb7dfba25d598ea79c7f67b92562_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd76d846f8,0x7ffd76d84708,0x7ffd76d84718
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12596633566605888170,11180067766460590361,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
94f77e88df2c93056c0a338575fde26b

SHA1
59e68e5e7352fd9a088d1c60078292cc0d4c9207

SHA256
aec04260c28c7894a71821a7dca3f61eb1fa5c99efc84dee1c2c3536191280d4

SHA512
f48903de3e0c6974dbbbac1be613e14a44b3fce3eaab1b7fb991116a28f590a34899ae80c0629b1b7a9e85d78d1c80c3c2575c1c389164a50cc6477d7429c1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
843B

MD5
996ee3043a0558ce71a5a7c845f983ae

SHA1
4f8629612e132b921ef2ed31755c24f542821aac

SHA256
0d0304ffcafc04eeb63ed0932d9aa406a6affb4d3f64edc639611f278cfcc9fc

SHA512
e7d10ed25f3182d62fa8e7dcd68f3643b4a72f15917eda59399db6409aa8d67ca1cd9603e5c831c24137d557648ebe66c6efeb486d21873688d6de1f600d72e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f959ee861ac5e60b131408913e67f4ac

SHA1
0f59331e650ddc4972ea2dbab969ba58bc75e224

SHA256
3d3272d31f9390e4f780c6a560edb35781f593733ca0f9b73fa894a242be3259

SHA512
e6ec0a9e864d32f61c6d3b4b4b59a46e111efdbb9197971b7bf05cfcfcc8b8220ca678281606a7ce6e761d497ed8a8f70617517b95c65d3590655d1a5ec3040d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1064be3adc9d264920dffe7771c25e05

SHA1
00fb494e1ddb42d038ab1b9c4dbd5d567b9e42fc

SHA256
1c216e16dd557b5e8d638677f3fb4eed6dd03983642b28e949f845b6caedd820

SHA512
0edc3b0bba5c6da8966d2df490054be99c177b8e1367537d71cda514b58ef6293b767c197dbe724d0664681b5780322e6d34537e8502c7fbad386f94c4b0a368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
501c70d50671a7a49e9dae203658ceb0

SHA1
1e1610427233d510db00ea6d85aae3fb725264e8

SHA256
833195f7b5eacbbef8023647d5625ecdce517c2ccc9217a4d2d9ce7629c53980

SHA512
4a774d96e7f7507ad5e3dc41a733fffc76e22034b3146eb3f54cb641b89a76621d6d4798d9b78f178cd6175cb09101ec49d82a9f2cd08571f83b80a04383defa

Download Submit