2e1ab30a5c5db1d6faf869367ab0c87ce670e385aaeced4aa2929d56cb90db85

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe63c0f4268089ea62b7747a0d1041e1_JaffaCakes118.html
Size

4KB
MD5

fe63c0f4268089ea62b7747a0d1041e1
SHA1

167e8bbc55abf18fa1cf6f91e9e321bd4ec9cf3e
SHA256

2e1ab30a5c5db1d6faf869367ab0c87ce670e385aaeced4aa2929d56cb90db85
SHA512

254408d3596638b5b3692bc6836e12e7bec791877b326aa0f6e614b928ee87f5615fce3bdb5d422cc2a64c6b506449a43fd03315d4b63f8373e739ec8bf8e214
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oqKP9wXd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
1500	msedge.exe
1500	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2652	1500	msedge.exe	82
PID 1500 wrote to memory of 2652	1500	msedge.exe	82
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 4816	1500	msedge.exe	83
PID 1500 wrote to memory of 456	1500	msedge.exe	84
PID 1500 wrote to memory of 456	1500	msedge.exe	84
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85
PID 1500 wrote to memory of 3048	1500	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe63c0f4268089ea62b7747a0d1041e1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9931e46f8,0x7ff9931e4708,0x7ff9931e4718
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,385188407370497236,3241396965751632766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
c36a523af3bdf5ad79fe8ddafab3b96f

SHA1
093e6a7c971f7c93e83997fadc20b07b630f5329

SHA256
0e3020ac43e86f959af79d99b1ea86687e64403a060f90b409d4a657a0602cb3

SHA512
16cffdea737e0200860e4aa8322079df90c93b87b57d32ebfbd98852522d08b5d0fc6d9ed7aa3aba66dcc6ab3c9ba76fd1cb844274883b8048b33298f293c2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
399d91d67caa5bb5ed8c9ce6eabfd54d

SHA1
2edbfd0696018e02f9ee4c261b040ca15718ad86

SHA256
ae96e8d41657fb20092fc17b08f9f3d79953ca69a4a6d9e27f70821358029d0e

SHA512
e85b9177088d2098353441f66db47d3e61a1f2b748a592bc16fde7bb71645ddaff299f5ee6006757076d7565e7ccb695cac388ec5952fff615aa708fa865dac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28ec75581da0f2182dc050edeb80b307

SHA1
76e8c5d4cf6be8eb4d41c3bbd9be677c7f794ed0

SHA256
173c2b8ab97cbba370dca78f9d1c8460b9e7c2da3946fd65731e85c70c9bc2b3

SHA512
0dffa1ec3eec4539916217e6e9068abeb62be2d1cddea266abee273edf043c0ae301814e44ae26fbf9d34a7ce46d176e5b4f169fb9adc4e9193981d620d67628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b5fda928446977b7f904d896799d09e2

SHA1
6af00debaf3850d043ae5b1a1e779d76aa1ebf99

SHA256
2d8b9377a6f98a54cfedcc19158acdf61c4ede35d78fe38b25383bf3040739eb

SHA512
b6a6fb25efa0b88d0c1d4a9892313752ea4412baa6bc71ad92936b2c4358d6ffd661fe2863c39320da2b466fa354b2e96ed9b516da8d55942d42d4b1752826be

Download Submit