b2b7cdd116aa27961745fc84f9b8a951d3eb064e0dba0debb885fe0c262eff4e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

102807bede1f0d5b6ea64f4921b7aeb4_JaffaCakes118.html
Size

39KB
MD5

102807bede1f0d5b6ea64f4921b7aeb4
SHA1

41c9763c3d11f3c08f7b89d42e86829f857eff54
SHA256

b2b7cdd116aa27961745fc84f9b8a951d3eb064e0dba0debb885fe0c262eff4e
SHA512

88138aaccd6e37f2ef964e4d37ac3f4c2d9def1b16ec24f4ca79a77a920a42c4871bc607dba264c7c938ee04719f6c4b83ab4f5aec6bc1c50afe548a3848cbed
SSDEEP

384:lrcu6RMK+DhPZo0lN2g/dahTKyUNUeYvITH4GHnFyHKVbqTHmxkxtg3KbV10QmHa:FlR/Wrvdx08Ux6L

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
4428	msedge.exe
4428	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 4916	4428	msedge.exe	82
PID 4428 wrote to memory of 4916	4428	msedge.exe	82
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 4044	4428	msedge.exe	83
PID 4428 wrote to memory of 3600	4428	msedge.exe	84
PID 4428 wrote to memory of 3600	4428	msedge.exe	84
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85
PID 4428 wrote to memory of 3516	4428	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\102807bede1f0d5b6ea64f4921b7aeb4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,56291318226809387,5399826376821051388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c651a0d71d6238120d0186b9cd260547

SHA1
4a3594ead3fbdbedbf27c30cd3e05989cb6c92b0

SHA256
f340a96617e005a244d18d0c8535cf1482ebb3837e97168cf8fc965cf478d54f

SHA512
2fa675e252def8484f03e8ca7b3ddc7ea48c21cd5414b52a3000a8e0c50b67c118342e32bf731119a69406bfc607471c879fb325a5d80c168fd4b995a733a368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
37164d12638fbbeb6e3fb569cd847cb8

SHA1
eacb0b78207e74df1bb1426a3323776c351cef7e

SHA256
3474424ef930c576e81d3741576de2593946abed8423d968df5756f389acaf95

SHA512
87f7c5dae0a02b38392705449c8558403bd91acbac153c93cd6f7d6264744e7c3dd2845414029b70b228c2412964ad9bff8e0ca80f110b03762e1b64e15f7799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
632157b3001fbae0e1564d64a7070cfa

SHA1
9f352d33e34e6d6755ad1d5e7f872079e7c0a892

SHA256
9c601175f0ec771889ae83cf04f1c0fbde707b581c76f8cf12053eedec7717a6

SHA512
1dba029e26c57f588ab696c5f7d03a45cc82544cdff9f92f7729c9b19a7900716cdae2fdb56fe21765240af2d667e59a6a248f7ce9b2c99484e4d6164e0a981d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b023a80182f73ba8a7dea769e35c783

SHA1
d80fdd61bf013c7d955292d6a1860a8a7d1d49b7

SHA256
b4786749da181896eae12bc7036ed69de78bc4f7dea8b5b4970f2881b8ea9310

SHA512
86deb734ad909991173524cc960093fc60b1c4cfd83d5f56ec38f59ee540820215444f186d358246d6d8726b280d58b950f75b027cbe14731a0e733f46d6ad5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f82765e247f7092586c3d53df9ffe79

SHA1
9999c880af6a13a771942836d77bcb8f58b8735a

SHA256
f0cafa987568941d12e35496eedc298592c88137d46583c843a02e06764a112e

SHA512
57dbb9a70590e7e00f49ff58ce3d0f59cbbdcad34c67a9c35cce62748b778e63aaa2a734af0f42bd9ffd7aa7e0cc474e8f4aeee8a03ce00b02d8b862325223cf

Download Submit