aca9e025b24fb06507f3d6063d6cde58974f318ec599f3aebb45ba7492ee42a8

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27e7e136c6a71cb43de583f6a676857d_JaffaCakes118.html
Size

147KB
MD5

27e7e136c6a71cb43de583f6a676857d
SHA1

502905c4f049bf116f4cc965802f670667ac0c8c
SHA256

aca9e025b24fb06507f3d6063d6cde58974f318ec599f3aebb45ba7492ee42a8
SHA512

f8e00a536c5208321e73eb3b312b3323d025997cf2d57dfa3bc0e4b7dd1aa773693d20bf62c0a1fce255e52e8b7ea87794eacab549b9e8dddf4ceb55f93e44fe
SSDEEP

3072:FVGejtPUeUwIVGejtPUeUwMMKjxmjLZGDAMJJlzTPPA0ZLpfq8gMPhbi2zhkSw:FVGejtPUeUwIVGejtPUeUwM1iLZGDAMK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
3444	msedge.exe
3444	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 5112	3444	msedge.exe	83
PID 3444 wrote to memory of 5112	3444	msedge.exe	83
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4508	3444	msedge.exe	84
PID 3444 wrote to memory of 4520	3444	msedge.exe	85
PID 3444 wrote to memory of 4520	3444	msedge.exe	85
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86
PID 3444 wrote to memory of 5028	3444	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27e7e136c6a71cb43de583f6a676857d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa997746f8,0x7ffa99774708,0x7ffa99774718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6528007610371285604,9115016831254646132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
37be39060a38f9d353471bd6703561d0

SHA1
a00541b619a765fa98b767586fa943743c3fe9ca

SHA256
5a8833ebe7d2e068b7efa08f45202eb95b5caa9c5b2ddceb734a13bb1ae42940

SHA512
8e285a3912acd8bd23af5fa3d9e7e1da57e1729aa08f8e530f61042d0791b5496a806c4e8f606bb8647e1b42e8716b09d347ed284e4026b0cd1193e76c34743e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a0e7d0dec0d61cd4bd8b278665cc2ad

SHA1
8fe9e8359b872ad057815c4dc32ee579d701cedb

SHA256
98c745f4b7a76a0b2edecbbdb4fc01f98e204b6dde0a3078116c251aaf00a9d9

SHA512
60941ca6838e7237955eb6d9870c55971f7e79ea2ea1e92e9f925d404a6ea8355c1d446b2c0c45078c70bedd73c8a284dc66872e8ce429bd6cff523beb500f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a38ddd86cd9b605afc8e8ab4f31055d5

SHA1
b307bf2b8d37819c2904f9e66e406566226a4dde

SHA256
b7779976bd9b4e672866ce29f0bdce16c110d833724d5e7a9b3565e5e304e747

SHA512
c1e8e2bfe5b79110c84e064e0ef41a0edce64953e7669b8380342356378a9a3ec2e29477d4f8a243232cab48beb8607709880f1dbcd8a3db4a452ab19684ba6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70096ed620629d45de18e975d04f3bd7

SHA1
88417205c664c7bff8c0f739516e71eab714ee06

SHA256
abeeb7e7e50755a775fc47fab86416cfa593b70b3f969234eb652432f6de14d4

SHA512
93f019ed8dbf3691bcb8cfa306f61a6b26a8ee8a9b20109871bc69d54581ccb1b9844f79d78bd30818fa8372262220754c9b8db6c49bd984ff76de908020b309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2ba4e84adb3c92fc487ae76f963e3a5

SHA1
0ffbbfee9865515b003040088b68f4108d28b841

SHA256
1edb1286ace7e34c59030295b15d86c99f5b1178dc571f299020dfaf33b6b1f6

SHA512
a427b589066e2c56893412df00c9141d86967fa3c04961ccf2326550a4df5e196d2bbab1f85e3fb827793ea01332d410de14148e536af3c0bd148c76c6768ca7

Download Submit