670a87aac50abf70c61d3861a9b0ba5861d8ce90b4fdc9f8241637b956151efa

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40c03b5990b8d9bacd19b762c8bd41d5_JaffaCakes118.html
Size

541KB
MD5

40c03b5990b8d9bacd19b762c8bd41d5
SHA1

8f9fbe06e0013aa2286f08871e9eb1fc957f6559
SHA256

670a87aac50abf70c61d3861a9b0ba5861d8ce90b4fdc9f8241637b956151efa
SHA512

4c6d2d512bc04660bb113ad4e4b69e33dbb1861cdecee1a5a597a7449a5c6b9e94dd8d7dce51993fdfb6226d98a47d3b9f37970b7a2cf7cd154edfbbf245fb1b
SSDEEP

12288:aTNzYLjWl1wNU2j3bKqDha2U1rmwSBq2tt9klLIVbyjQd+q+xdkz0WFu4q96LrMe:wNz4KPqv7uk8RNZg1r2xC+0IHbQhQbkr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
4804	msedge.exe
4804	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 3344	4804	msedge.exe	83
PID 4804 wrote to memory of 3344	4804	msedge.exe	83
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 2064	4804	msedge.exe	84
PID 4804 wrote to memory of 1296	4804	msedge.exe	85
PID 4804 wrote to memory of 1296	4804	msedge.exe	85
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86
PID 4804 wrote to memory of 2444	4804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40c03b5990b8d9bacd19b762c8bd41d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdc9046f8,0x7fffdc904708,0x7fffdc904718
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,985322045774821441,1289293172078206315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2136650fd0594cf3fbc40ab2b5f6decb

SHA1
02181bc7686e3dfb1d90f911987de5872bd57310

SHA256
5ed47f062d03df876ebd4dbd1411cd3d5a657f85c319618220e4256217a62b34

SHA512
0beaa01bcdc3aa58315054322cfffad24a297c67e5e5d27f898127af103d8a8d46d845a377528f5140699c0918480b7ab9f8adb42111e8288eb2350a352c283d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a308cee5a1f9c836c428ce0bd17e474d

SHA1
c7ae578f0ad26839f2822081152631a03587023b

SHA256
1d9d8e162dd42026bddd392cff7879f16bdcf3a4101c0806c176302a72153c2a

SHA512
04019689c89036a9e64a3b4c6855b61989d2c7c1c8953c72622bd224fee9fdbfab1fc1ed1d028f5780849424a7819be006586e71a03ddd925db276c77eb83a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5211b6b847d7d752d28d0b4189a9d32f

SHA1
19e4ab0c762d7b6b6cf66cad75f32b83e63c2b8e

SHA256
ca02c64c4e7bf915d7a8ee802400e6944d3d31379fa6f771b447ccd7e06660c6

SHA512
8b552a7bb1978cbb34acd5d8fc5a63dc6af3bc1994064223e4bc6d1bd6eb1930a36228bee30dc8871ab3228ead4aae3c2fded7066bd26dce2032c6245dbc115f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a4f353ba456d8c9231fb6a2710dd1ae

SHA1
dafc734a383dc40bd4a60cf80e137f612972bb4d

SHA256
06ccbe928756f0098d462d1aecdbeed59bb0791749bea5d2fddc39110d255c9f

SHA512
4c3f4c8dfd6b12839a8ed6197ce8638b79d242781d3c9f3c57c97ea2cf944b40f6781e42a01dd700d361408981c423923ab49862dd45fb194e48ce335e35347c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f7ffa6dda461e54158254c082998721

SHA1
f93b9573fdbf4c1a05403d031a9a8d449d220f36

SHA256
12dcdda39b2698cde3a78662bfcebabc881b14713055d35959efb12f0a4387ce

SHA512
a3d54e7cf862920241ca0ed2e5077a2f61384308325271f1a08f9dd96a6af085a6de6f3648283187166f01ce3b9f4b9a5b5ff194439633d9f4ff476fc20f1ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
f67e1195afa2f8a0965b3959e9cf3cef

SHA1
5fb807eadc7d1f368b2c287cde761b45e591130b

SHA256
40c8ae26eb9d721166fa6d8829d3e624ec7691e2d211fea46b12d6b2451048fa

SHA512
cee7f324143d6799eea85609552de8fe00697f58e5f99accb264bd45cf54c71adabceaa7692e1681f2637986954d3484c72a3d275adb762530c31a4603698d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580395.TMP

Filesize
370B

MD5
f77516c62a72500ab07a79e06083bcc7

SHA1
a0824b4b73c6b07f9879484544a0dfc128d35ee9

SHA256
c0a38cc39f73bdd504035d54ec5c3ca20d80fd472c2c597771d0f7b05fbcb353

SHA512
891a1ee64949778a6d2fadf327cea83b1ebae58fcbb3d361b6884394ba380b4bdff7bc55dfde6906efa70fa128bdcced700bd7f3c5ac8933a1f1c8af5b0e0e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13f4b9bc354aed85edaddb0da11c57e7

SHA1
672280d20217e1c9b80f19c5d6ffe2f325245cc2

SHA256
b3fcb177d61ae1a390edcb4b089cee156eeaf7959eb1b70c46da370f0e98a7e9

SHA512
874ae247d9ba39f0fb582e95605ddcd9478ef356f6d1a917d324902b0e26ba99951c8d40afadc5833ed72304b704651a880e4fe2b214f6dc2ff7477c3d0bfa7f

Download Submit