bf5399034236933f89fa20b809b08fb84df5a613fd950f0c574afb055552217d

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cdfcd2fd6664ee228797384869121dd_JaffaCakes118.html
Size

56KB
MD5

3cdfcd2fd6664ee228797384869121dd
SHA1

9e0c6503afb2ae833e43964244b78eccebeeab15
SHA256

bf5399034236933f89fa20b809b08fb84df5a613fd950f0c574afb055552217d
SHA512

d3195de41b66f344688fdfedd3468e17225b9fbabe62aa4a74a25cb5f42c9c3090dd8d01dae949e99cc1388659368f38a9a74f32dfe3c92ec5f6153e847bcdf3
SSDEEP

384:bFyLHvU38LIjlHss6aIHvXfCIooNPATcijBC7J1MjNpsMZIwRB83SqS/z4qGWOLX:wLzpHvvCIoodcVjsKNpTB8iqS/z2/clO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
3512	msedge.exe
3512	msedge.exe
2784	identity_helper.exe
2784	identity_helper.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1172	3512	msedge.exe	83
PID 3512 wrote to memory of 1172	3512	msedge.exe	83
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 3852	3512	msedge.exe	84
PID 3512 wrote to memory of 516	3512	msedge.exe	85
PID 3512 wrote to memory of 516	3512	msedge.exe	85
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86
PID 3512 wrote to memory of 3124	3512	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3cdfcd2fd6664ee228797384869121dd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc4718
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6141753512237563878,18196453451161704350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
527352859c8b0c58b27c8c1f3ac6fd9d

SHA1
4c54dc0e639dac675323e473670f80c7bcfb0fcc

SHA256
2f8ec58947085c0db541cc8dd57352c762d46f83a1426ebffaf98db1d34b3b07

SHA512
3043889ff9c57a879b82ee89943e68084b641ef47f05322bfe534f0c1c2ee3577cae8db581a45fa5e364b3778b564beb639039802d9d30acb2172e3f27a24bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c1cd3ea3cd29927b4c8a9829bb9a3176

SHA1
dc63619a3b252292e7afef24e121a2b985939be3

SHA256
d37adcbee10a060599efde102bc53c1d2822d1044a71d1cc8b8e9f0ab8f39bbc

SHA512
7e456a5fa0b8b4ea80266e66a4c492e7d76497474c690d0d9b68107011d17982b1d5c8bc507e8c5dcc8214059ab9f361e94a9d5f70b2720c875e126710caf31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72e6e4089c52aedcd13cb63c91d3a7bb

SHA1
d644ae57ab7969e31c1bf070653324df69d2e80e

SHA256
875e5eb33ffd67421101e3465445c2b0fac28740b89940d3bcc8b73e6cec8e26

SHA512
0f5cef6dca881e9803c9936bd2db73517ac0a7323b6234bcf47e0307c70579401b9fa7e8dd1abbe3818233610e7fe2f112c00ea703e502bcda6f462553f935d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da3ccdec553c03bdff7a6a079cafd349

SHA1
560bdd07f5424308bac838b95adc0da56c2c915b

SHA256
d6c0182b91190a1938f266895b38bbea60c64944f0d513420b743f8dbadfae9b

SHA512
30be088b8b5c55198ea691f846b89f3dd35aa794a5e9e549e7c9b36f26ff4396967683b123c8df85a7eb122729030a12e18ec453117d7030bd89e62c44f32816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
554d5ed500d1d768374a8e43650111f1

SHA1
17dce406f711ac838f38ce7662d65367976e475d

SHA256
733407faa2e6563e89b192ccc7e32a52a34d650f5b74247d5da84ee8b3355833

SHA512
31d9f83c905186b05bb667e59aa7fc2435d2cf853c812a0d41f3341423253030247d067516481c80a1052befea36b55694ad4071152346063805d53278dda933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78374738f8e48e35e649a9df7645b2d4

SHA1
a410351d3381a31294a473f8ef7e33814db5f06b

SHA256
bf38200a87ed2041b28cedb2ac0e2e28bd0735b95a897cc8cd1a227edfb632e6

SHA512
7a9513ea87bf9d485d199661cd811e3ab70a2ef170fe4b9e40f2e472217bb3fdce6b9d361cb52aece12b4e4550ac1a9c70adfd0108bac03bf497c05794fd233b

Download Submit