c8ee5fbaf05dd2adeb1bbad3429a3174e325ab5bdc7770787a19dc639eff2796

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0de7ce7956c89836f47879ab6ca35a68_JaffaCakes118.html
Size

23KB
MD5

0de7ce7956c89836f47879ab6ca35a68
SHA1

0df10771526a7c62bb43ab8270401b670ea5fe9d
SHA256

c8ee5fbaf05dd2adeb1bbad3429a3174e325ab5bdc7770787a19dc639eff2796
SHA512

a9d728b6923908e8e0dc34ab2cf4ecb273477c7666fee9b812cc02d4bee053497a9b7feef9effb43747c66c5caed1bd4d035fe25302419785d6e65df2cd41536
SSDEEP

192:7GgqdZwpBiMdPwB0aiqg/M5P0V8jFabL0DCnH8UY+lGlQE6VBb92JUrsxI0J0eng:6UgZ5GGzcx+WyaKC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
4600	msedge.exe
4600	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 1580	4600	msedge.exe	84
PID 4600 wrote to memory of 1580	4600	msedge.exe	84
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 3076	4600	msedge.exe	85
PID 4600 wrote to memory of 1852	4600	msedge.exe	86
PID 4600 wrote to memory of 1852	4600	msedge.exe	86
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87
PID 4600 wrote to memory of 3972	4600	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0de7ce7956c89836f47879ab6ca35a68_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd101246f8,0x7ffd10124708,0x7ffd10124718
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16459782649511629318,2699490161615182214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e2855687a66e3a3df9f4536c1d38d122

SHA1
436c385c8b8284e6fc57b3abea833c88e0fcc878

SHA256
96a15cbd205eae2a9b0f2662635e5efd854322cd4b6e4c95aad7205c98d8d4df

SHA512
4432c4c850cae744d43ae7301e08765dc3aca100da6b1043618555bd9327fa7f7418aa87e1294a5df26d19059f70d8c3e95983a7765f2f0dbf7fae2c2bfa0feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
594B

MD5
1aed5cb157184befed50a9b581e0d77d

SHA1
76c85d7315a4bf1343cbbd3034b46a836ad4e687

SHA256
29ba32f462e5b9feb1318b8374f157a1c21752725f0c2193ad251563dd2a5eb6

SHA512
3923212c9989e07376af6f0efd5ffdc3fd84521bfe495e2c6172c89fbcf891e1373913db86c3dcc62b2a38c1e2050d89cd4770ce7f19cba0045a83187da6b2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56d63b36eca64fa1ca12a8b0acf5df38

SHA1
0efc13b6d56436ca7ba169392197c1fb0c46a126

SHA256
da67ac07810776eaa97d3cca491f8dc4d998263d01fd5791d9ca8c0ef80ccf78

SHA512
f39a62dc01cbfdf30a0f5bec96c8b34910ca22fc330486dbfdf1d625f80378d8138e18454c757687411804e9da37f71e213d22985361b3ae61264d0fb2fbf97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f53f3c13c4139374be7da8fe66ec259b

SHA1
e8487367fc46bb323cfe2cff396ced1e883ed76c

SHA256
ce3df671292bf80752023648988668fe5ca34a285ce076901e52abf4ff3736cc

SHA512
c1777b13327e3068d26be5bfbe84820fb4dc97ef5e43b64ef990cd28738bcbea05ce552be2315a4af18c435e6cbb139a54e774506cd4dc3d12c1f5243205cedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9851a9fcae94cbaaea8005e4c694a26f

SHA1
78edac9cdbfe59f37fae75ac6f00d829ff2716cd

SHA256
205f225774ccfe1687e452765292972522d84dc4512db665963b7c2921de4604

SHA512
a6c995c37c53902cc980cf4161ead1bbdb804fa2e5c99158064305fa69fe9d7dbf93a99b25f99e9ef3a45ddf330c0c453e5e9a3043f4db9133d61c7abaa17f84

Download Submit