158eb9c7c9fc1988dc5eb5ba2b1ac1c594c433943d8758678f2fd4f7b7c5fefc

Analysis

max time kernel
146s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 02:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ffc136ecacb02035496720a81a35bd36_JaffaCakes118.html
Size

9KB
MD5

ffc136ecacb02035496720a81a35bd36
SHA1

dad988271a587ad187396d066bd472996d8c2c81
SHA256

158eb9c7c9fc1988dc5eb5ba2b1ac1c594c433943d8758678f2fd4f7b7c5fefc
SHA512

e5e53bb72aed6de0f1d59843929127644a90ed14290b2508ac70665a232439938e7814012406152acd570e328b90d6440da0c5c6e2286269e29a2bc3fe924783
SSDEEP

96:uzVs+ux7y6rLLY1k9o84d12ef7CSTUpGT/k8RpUlVHcEZ7ru7f:csz7y6rAYS/I6UPHb76f

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4272	msedge.exe
4272	msedge.exe
972	identity_helper.exe
972	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 4748	4272	msedge.exe	82
PID 4272 wrote to memory of 4748	4272	msedge.exe	82
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 3256	4272	msedge.exe	83
PID 4272 wrote to memory of 4576	4272	msedge.exe	84
PID 4272 wrote to memory of 4576	4272	msedge.exe	84
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85
PID 4272 wrote to memory of 456	4272	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ffc136ecacb02035496720a81a35bd36_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68146f8,0x7ff9c6814708,0x7ff9c6814718
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12145967320900016343,13754535147891673042,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ccd05ca9635f0413410a5d62bcdbbdaa

SHA1
bb82739574508c1ceb0119157d83d2f6fe8a8755

SHA256
698e846b11632c458fd1996f02c3c904b054c49936058087249035e82ae60f70

SHA512
9ceda7623c0ee545decfc5f7eeb43c373f862ac63967505b88005c21fabe3ef12f61b5428b352f4370fd97c323028860f1087919794858bd43a2d4ec3c428889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb00adead03ef3774bb7c3cb353a9d58

SHA1
ba103b4476031936934c00f516ec4329c52c89e6

SHA256
da154b9266938554a9dd82774e9a71cd0ea17edc789204bf31977854f55ae9c7

SHA512
9a9a11928c97e01e2f345be4f0dd81aaa87b2b0dab0b4acb681feba2e53201e401741ac4a9518ae30c46ab982974e01c3169780d2adb60ed5ce1b68759918d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4e245727ff8ae667cc567519122e78ac

SHA1
e2b2f3476e9d71b6d10b4b6a3fa9e6e569f40571

SHA256
b58d4ba7018e29a073a9805a3728f3cebd023626935c1df86631ead4baa42a28

SHA512
5f920a039abecfeae94b327d97645589e5401f77f9674dc17126afaf7d4e18647ad5417d5dd93994f16a6ffd249f7757649b7a525a8f7952c93b068ea60e29c7

Download Submit