d7d61bd57511baeae36f69aec71020d617cce55e14b6ddac255bd066199ab47d

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fcbf6ea100f9d622978ba6a5925e33b_JaffaCakes118.html
Size

58KB
MD5

3fcbf6ea100f9d622978ba6a5925e33b
SHA1

94bb677c48ad6d85dfbc14efc88b965b94bbf46a
SHA256

d7d61bd57511baeae36f69aec71020d617cce55e14b6ddac255bd066199ab47d
SHA512

4a4f7b26c3cae35ebe4f8890e481045a43df19b92281ecc64ef9f0b1fba7fbf6288412ad37eea47bf5f4756f40ad063061ad9a266790eb6958bf3f456301ade8
SSDEEP

768:wLtpHvvCIooBVa7svSF5yuzcy/c28oqS/x0FfnPP6:wTHv7o+VaLF5yuzZhx0FXP6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
1756	msedge.exe
1756	msedge.exe
3008	identity_helper.exe
3008	identity_helper.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2200	1756	msedge.exe	83
PID 1756 wrote to memory of 2200	1756	msedge.exe	83
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3484	1756	msedge.exe	84
PID 1756 wrote to memory of 3748	1756	msedge.exe	85
PID 1756 wrote to memory of 3748	1756	msedge.exe	85
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87
PID 1756 wrote to memory of 688	1756	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3fcbf6ea100f9d622978ba6a5925e33b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebe7946f8,0x7ffebe794708,0x7ffebe794718
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16522329440870758968,13139987479962197166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
15224f03771d0701078c1b2a0e709e2d

SHA1
2411b18f25cbe829cd54b9d54e67cb7ebf537937

SHA256
6acc98ff99e6a8f001d57b312f86dce1b79c2ec9e2b4bfc507e69440de49ae0a

SHA512
f347753f93fe92fd5b1f609cd16c90208c1c2c7d89c7a88d5161cadf2f7d1788297c17a9e2cde0c9888e86fb98300ff8f65c72d5313e43f286f37d951c29a16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
27dc4f799308ebfa56a68b85f9b21655

SHA1
0b6e53e8a9d5efe8b8e7949494e248b70ed3501d

SHA256
00ff7feecbd934592a7a1a99e6cbdc0acf2af587f4f4e86255f359a58b2f750b

SHA512
fbdbc75b1261683368b54557d5f707499ed3aaacdb9187a221ea6fff2f4f02686cfb0bb330226ad41b2ffa99f9ed7408154cb13c1de05c4bcb529fe8120b0df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25cc92c346731a486070ea10e07dc31f

SHA1
e64af9affccf294035752378a27b85b9d7e18e74

SHA256
fff5a4e34eb63d800dfa0efc97b68757055a7aa91910f88b7e1ed34dfbdf9302

SHA512
969840f49ca28cff20bbcd3a2844e0129556fc524566ea6026c776030f7db3bb240cb9827f39c8b264d22296967509506d16fc6d0771ab2882fc257d66586bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c07325fea37551dc4344b5648fa265f2

SHA1
2cc19653cbb447c5a31e2e0f403b0ef372b2ee52

SHA256
54775809cb048993fb2dd5f78d00c84b97268b5639c876d9860b771ef5af9755

SHA512
74bf5e95d0fb9ce07e95409270076ea2259e420487db99d2fe7166513acb3e4da546e245d6d006493d1439dc273ded078ad9ed1b4c0dfab0e8f2a98b9242d504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13a745878903ac26728599cbaa6f796f

SHA1
0bdd85b5e21b5cc65b4ba2665ab2283774fc44bb

SHA256
88e199c24eedd93f8f8d061c2e0e8bc09d46f0829a48e7651250d9df7e418fe1

SHA512
dc85ea77a953b4591fa4923e2047626388c3dcc7273c4f0e51ba978567635c71a12818f97c6623833ad9c8245afd061676dcc0b00b50b34c9eb051beede36035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7a5efe74fdd24b5a4834f94d32cdfee

SHA1
3de9a2dfff7b013ba99fa1914e15e3e8244c9c4c

SHA256
6c76d75890c954ce847fe3004d8e9f1b047b756b3808afa55c78ac7d3e33f573

SHA512
d694f213b837dcdce2ed0314580298623d2822f687a64f7a0cc1f53fd938396e9d1e9bfc0897d3f632e7a38a52d77fad4b9d1bfce099cf5434f46cb8df288382

Download Submit