564f0b01375817d2796e59c131fe2742e583a6934670b971dfb6ebb5fa38d0fc

Analysis

max time kernel
148s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39c4260828e3f9cf34eef3775f7d1867_JaffaCakes118.html
Size

36KB
MD5

39c4260828e3f9cf34eef3775f7d1867
SHA1

7f69cb35d751f344e3b74d500b232a1b9b6f03d9
SHA256

564f0b01375817d2796e59c131fe2742e583a6934670b971dfb6ebb5fa38d0fc
SHA512

03a14dbcd44d4fee3221501e8e37f00081f6fce9d94481850fe4537642894598c6866e945eea0de2c2906e772751e8d14f338d26b4b3d61834bae950502910bd
SSDEEP

768:SMYHGuvHMzWsKB90BigbSZ2wzXbPbDzsR3aKNUrV:SMYHGuvHMzWZ90U97qqKNUrV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
3992	msedge.exe
3992	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
2096	identity_helper.exe
2096	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 3440	3992	msedge.exe	85
PID 3992 wrote to memory of 3440	3992	msedge.exe	85
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 264	3992	msedge.exe	86
PID 3992 wrote to memory of 432	3992	msedge.exe	87
PID 3992 wrote to memory of 432	3992	msedge.exe	87
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88
PID 3992 wrote to memory of 4112	3992	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39c4260828e3f9cf34eef3775f7d1867_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a8f46f8,0x7ffe1a8f4708,0x7ffe1a8f4718
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13408098626697021454,11718092045083571304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91f1d21e-5176-4f7d-bfb1-2a70c1d44cc2.tmp

Filesize
6KB

MD5
12abd8b35dac4738f37e90a48a5022f7

SHA1
2609d4ef62141d8590642e484fadd1f73b75fca0

SHA256
2f222ab863fb2cd77517507736b3f3f2fd11cf50d2492f4a965014c0db13e7f5

SHA512
c8d77617c506c4c661d746c357637a801106446e6c9b2e3b08ccf5704bbf8c625d95a24443da7dbc701247ddbefb1e1a60db2bbf6773d7b96c12262528fd93bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
516b6800aa7e93ec889e0b5dfd7563e0

SHA1
eb96908e6732edda4f2ec7739375db3649018f58

SHA256
c053cf2881f71877253127d62221b42317202a0453b928f79bbb289899ffd5a5

SHA512
9bf768933e8fef98328a683d38638f0594b69b1a095e4d1323fe36a856eab8f46917a310b2c9a8390fa97dda5957b929cab9720d8c5e0d6741bb091d6128b7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e21cacb8284d80c58fe5284b2710131

SHA1
77110613efa30ae6233bfaac0cad642c040c3397

SHA256
2064a7e8f3c33c9c357539c01133a3a2c0b540dfc10b41923faec0f44c37f3f3

SHA512
a2fa911de667e199413f4731f7dcd7a0e422deb765c341464fa57e2f27bcf4a3d144639aaae8ea9449ee2f6b626b062386f1a7b408a955f37c85be2be2c28336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87bb8b0a37d0a07f2b2ebb0365fa1bbc

SHA1
e619a5f86b34f8639cc6b25953fea1909a7babf9

SHA256
d4542247d6ef416404dff60443673d8d590c3adcda67f1484b210097a48b7dc1

SHA512
8d3b26d8440399e53eaa7fe483a34c38206a7bc7ca6e261cdeb8a584fd0697f0dd1e926ecf038ec2ca049a950def8f3bbd861877bff3f46f45a40291deec29ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bf8a3cb2abbba4029032b305b07c35ee

SHA1
87b085db1dd7a21daa1e33ad9ce6459703cedd19

SHA256
98c1c11755d0d557684d3a4a28053f3e040b4f8eb4494983d0e7f48ffea9ac58

SHA512
1daa37ea720a3468c88de0a37ec256db14fd381ac1a11fd43195e5d01f60fa594aad5db00daf8db7a6a36af7897f072bec39bbbcbb0f508a5ebf4849376b3a63

Download Submit