78ec7177ba6743a5427ba45dc86a8d56099ae8049f99cbc5d09d7afdd02642f0

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a630c73c6d4171070e9bba41bebdf5d_JaffaCakes118.html
Size

209KB
MD5

3a630c73c6d4171070e9bba41bebdf5d
SHA1

709a7e36aee9c81df4fc5c5585767dda6fd0018a
SHA256

78ec7177ba6743a5427ba45dc86a8d56099ae8049f99cbc5d09d7afdd02642f0
SHA512

732b27fd736729a2f0c9101e35aaac392842fea36be48697992ed878cb04f29ca7924237f6fb3acd70929c0711ac2cc2053d96d9dc29b3bbac15f3ca4454092e
SSDEEP

6144:U9eGGHRxVApi/5yBVDA1xjUQFURkOM3gkV8Dbt17bqPdBrcUmMBQevENmfVWSK46:xLxxVApsyBVDA1xjUQFUREgkV8Dbt13T

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
4748	msedge.exe
4748	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2060	4748	msedge.exe	83
PID 4748 wrote to memory of 2060	4748	msedge.exe	83
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 2088	4748	msedge.exe	84
PID 4748 wrote to memory of 3640	4748	msedge.exe	85
PID 4748 wrote to memory of 3640	4748	msedge.exe	85
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86
PID 4748 wrote to memory of 4120	4748	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a630c73c6d4171070e9bba41bebdf5d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8714898874325304331,1113077946818788384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
314401b6c8179e2d334cb2b22249f3c2

SHA1
802b959734bd4aee7509e5a7643f1184c1c22a4f

SHA256
ddf996598fecf01fc3337b6830e70aa8c3b8422e4f81d169ea694b21325781b6

SHA512
c87e5d15a78b377e18db2d6e61344318cfa25d4e7224ca70ce858f87c18a0a0807aa70ba8f276189f91bdae90b7250feabbffd4a602e1bba881e75da3acfa9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
22499d9d6fa3a7b9cf6434d78147456b

SHA1
2edeebbb61b581536ab11f39ca2bd35d63128e31

SHA256
a7112efee02c1f3cd88d80ce2bc30abd994bb69d594a9742ec8d70463f26f94e

SHA512
dd184ad88c536edcf6edbc5821fa53f4f315418e6e18bb5869bc0050a58ce00fbf182270d4421109e0bc43b757aacf92cf90918e43cae88f6ed5ab080b20d917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d4d181137f5ae7104a763206e6e6afe4

SHA1
9f61845d510d803ba78e66323732032e8b42f598

SHA256
d48519bb1fb0747c7d7a6ba46311c6cf354eb9a02280abc6a2336464b947a3a3

SHA512
4e743cb29aee71722159bea3cf9971ff8e73fe6945685ee4dd7a778255399c51606c7c4b23e0c702a3482a012c32b6cd4012f198a36a837c60afb48a0ccbe3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0f0fb1a51b895d71ffc5865c2d7a28b7

SHA1
0c5e63ef93f717ca042989bf6ec51e36be9288e1

SHA256
2d8897954d85b1a0c7ae7915d14d63953f7a94fae3517b5eec44170667e5f772

SHA512
e3df8abe5edd3816f345427ad0664881e1a0e2a4be6e4315b70230a320e6557b3f61e015989a43d59423f96f51572e33c0b514f3c460066b661a74ab7d7060e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e24ed779768f98ac0d4c5238286e031f

SHA1
2f2c4c362041adae3d569a3f53d4e18d61ed04df

SHA256
fb47e143196b95a514505c8acf9904db986bb0ab77ed4b64ec8c463d1dbb694f

SHA512
13684edb3c5a8829cc43d364a6d25373ad030b8c922101546591bb97d7b96c6d1d0226156126b85125db9b5ad86ae783dc7dfde9221676a45723cc27b846115f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40ebde20e1d540e570cf5fa05d5231fe

SHA1
1a89612e1fc110e546df9e2201dc9109973b6c19

SHA256
d43c025cc4e0a0fa6f30b6a0146261529f9018ac4504bf4b2e5b20223187f636

SHA512
9999eb829a85c8219e60a1c3d821f5ad3691f3d3a16bdd777f9d2eb93663a0933037805f2fde0daddc3ae672f6d681db1de3593e56021892ddf2436779874058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff28c0ebd80a4157078f3690357b4117

SHA1
01338efa4b2a187635b9b56a22f0aec41a20cbb7

SHA256
950a6907d967f2ee797ecb524d8961544d02c1a08acf745dd72ed575643f3117

SHA512
264e8223d49bfc34882f618c841be2a9722fb05d525dc42a8e9aca4c6ea90fcbae12483c2f3da445cee8068c461d82baebe53a2ef33998e031482b03deabba00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8f03faa0979390d8e5296e9248788ec

SHA1
e08959d197d836068516aeef443a8fe2066bedb4

SHA256
e6ff2b6551aa314520199aae3a07b26c20acc9d09a31afa461e52204e7951174

SHA512
83c865b3b1fbd9a2764ffabc381eb4b38de16af27d35ca7fac2413854a163a1e973f762e1b60523e89d96bc7fb8105c51e3429a6430d35978341501a85a281b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585abd.TMP

Filesize
874B

MD5
e655e28a9ba2c8277a9ac03d5379a9b8

SHA1
1e2e6ed11df543290ba07204c1a454aa76f3599a

SHA256
df2b4f97003539c10b50bf254300f8a7c87ad9dc828cad6b95dcd8b4be637728

SHA512
b53ad0df71ba57c39557f60cf48b893f683d1d86928cffc42cd5afc508228cf08918a7852fa1a1f79f25897985a0ac5deba5df8f3e9a4ef49c3f95dda08af4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43b829b765bc019b302a8ad63b586375

SHA1
c82adb51baba9f5f77e2318194b8cee82090634f

SHA256
06bbc6934dab75ee108d34cfc1e3a8a69fc7255cbd5801f3ba3494fa654ce6aa

SHA512
ac68173dc501292e016cc1146b2bbffb53c1ea63ac5306f1855d200252bfe49dabf51eb1850a49aa32838236af70b1aec02de543eb519f0f3b52fae7d8af3ae3

Download Submit