19a539f2222a3aec5c1cccb4c01fed753bac414592f453fbe542e642a18f6e7f

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 02:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28eb575d97e7d9b4ff44a6d230e3d151_JaffaCakes118.html
Size

14KB
MD5

28eb575d97e7d9b4ff44a6d230e3d151
SHA1

4cdd2b5d7bd3345b4f3fdb3f6261ae979a09c624
SHA256

19a539f2222a3aec5c1cccb4c01fed753bac414592f453fbe542e642a18f6e7f
SHA512

26dcd090f8fb056db75cb2ed7073df0cf9601faf55f1bf8e89b87ab2bba5e7b0edb3560e416ffc7bad7eaa8f9fb1a7efa936054778390a0bcf8bf72d2de383ed
SSDEEP

384:OygMO0sksYwcXW4iD/nMaJQaa9vu59l482T:G70spreeTnMtaa9vI9lG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
520	msedge.exe
520	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 520 wrote to memory of 3312	520	msedge.exe	84
PID 520 wrote to memory of 3312	520	msedge.exe	84
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 1716	520	msedge.exe	85
PID 520 wrote to memory of 3024	520	msedge.exe	86
PID 520 wrote to memory of 3024	520	msedge.exe	86
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87
PID 520 wrote to memory of 3648	520	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28eb575d97e7d9b4ff44a6d230e3d151_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff9b18146f8,0x7ff9b1814708,0x7ff9b1814718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1151344837544564243,10017530016165843618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
474e6bd6595a45ea85eb8f367aeacd21

SHA1
ad5b503c4bff8a5c6d6f0ab8a35a46b48143c82c

SHA256
5570c029e5f93f81e9feef79acdfbd3098e85de79131cd5af6f830f7439ae4e0

SHA512
6a5cd3626d84d85922c72447cc6d5472a3bdf496913f74f0ce829c77e9442295bf7a7d196149b39f0a986f9719359471f2ce7f2784ad77a248cb6434361c4d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c20d1bc6e51210f53a6ffbfd5240638b

SHA1
c6a67433597ac466c595710fa3f1bef26a7abb8e

SHA256
e6c264dd49225fb5ea7b2d50d1e2cb9e80d0e2c1d8f4ad787640d843040ae184

SHA512
83c4b478e9295df680502e6ff0d8ee75f7c63463cbe4aec432ec3796584879cdc36e4edc298c8e180e9c8939edee10ba97bd4c78d89e8cf05a3675948c05cc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cef61fd5d67f847be7f1f971aa1451f

SHA1
a6034f272d22d846520a4db1d83a558fa9d8f6e1

SHA256
c00eddb5bfed5f0d5aa633d7c9b23cafda7ce70391c8ed6b293330b7b97a758a

SHA512
54a177427289e0d8b02378d5858a95f4b20582dde28c47e1700ce2f1c2d5b797a7ea79c3c44b0dc9e3c05c7fc41833652d6ed5928326acca6514f2f96d422bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61f983c16c07a8b8801878993d3e4187

SHA1
88fe36312873650e6f3616bcb775d7cb1152c2fb

SHA256
79907950708d9e94751959ca45151465acae58f610fde5b87eb3b6011912c99b

SHA512
ea99d4483da9b781dd6d9a89d3304043f3c0c9b454254b27c4a04c91d473e707626b5ebc6baf1563023006123a064a16cd7ad58473c449b94d4fb14c1061781a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f113e11f1c549efd4ed9472c4fd5901

SHA1
3f6a838c090d919786d586d133cbb20c144b6e32

SHA256
14cde80fafcfb18cf9c8f3f9db0ac3a0e175984321d39d79a959f5a083c9d335

SHA512
cd4203b3b9c8dc88ed0d2f4a1ce049c8839c1225a3b81f94356628ce8c00eaa5ba6fd7624209919c7625135f2f451839019b54c8f73eeeb403b684a77e131045

Download Submit