74cfeb24642a8e6bc1dfb90c80b44eaf79a2a5d6c41bf9862b6880506f0cf0cb

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

421a5320e384e9a2dc159c8d678367a0_JaffaCakes118.html
Size

7KB
MD5

421a5320e384e9a2dc159c8d678367a0
SHA1

1ab1ae2e0304541245cc8d6a3062602d8c852a83
SHA256

74cfeb24642a8e6bc1dfb90c80b44eaf79a2a5d6c41bf9862b6880506f0cf0cb
SHA512

fa863034e4f3efe8bd97c5ad68b2317aac2ea52542f93b8b69ac5a5b9b0913be2944bc615ed04a082d268833a2c29314d8cdc25a8184d0cf27fe47c5521a2343
SSDEEP

48:ImMq1Up8vmbBs1GgAiEgVr+CflxYOZAyNGWBXtz44xt5YWDrWN8c2zx8LxWi7zgu:SIzf9NBXYwol26xZwIuzqStS1dRjcRC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
524	msedge.exe
524	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 524 wrote to memory of 928	524	msedge.exe	83
PID 524 wrote to memory of 928	524	msedge.exe	83
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 3180	524	msedge.exe	84
PID 524 wrote to memory of 2008	524	msedge.exe	85
PID 524 wrote to memory of 2008	524	msedge.exe	85
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86
PID 524 wrote to memory of 3536	524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\421a5320e384e9a2dc159c8d678367a0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4ce346f8,0x7ffe4ce34708,0x7ffe4ce34718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,11906799983371240821,16716536981471520490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2c665c046a869afd5e424fc278847272

SHA1
3b2fc57f939781a3cec055aa85e6f7d81a590a57

SHA256
b0b32b44a21f1a5bd27bf7efcd96790607c4e3b5eb0eb586aa1e89a06fa2e20d

SHA512
6a730fa3d38cdf6b486100e4fbf572cb493e428fe1e1e256e93660dcf09862c98a1fdb22b328b1bc9120711c6fa0aed887ae38020c9093fabea42cd0bfe7a7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
9142b251885531ea20ad790f115ee80f

SHA1
bb6c5b9641a2c59b86e2cd01febbcde2357fb68a

SHA256
2fdd7ce8cc41a618d93ccbb41ddfaae5c629e970f35faa4dc5c1f2161c27d28d

SHA512
23899fb4fc810ea72300ad7b817bddac1b7a8d931e7097ceea6a342d12ef70065138812c8324b3aedffe8dffda4eb64f347e989840ed227a7f5fcad84130bedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ac9737949fd297558cc1acf58783dcc

SHA1
44ec4be74f9bc36b161d1d53f2176d57837338d0

SHA256
3e3b2305734ea3293937796c9d6c316339dcf34cf3a01e4a4f2ff66a8c2e39bc

SHA512
06fbc9c3f7adc0862e44d4a2b4a227f25a5931cd367971d09992808b230627999a50a5a480f1fa685829279b43cc94ec8bd3226d5bc4e40bd95b2b43d01e5bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5504b19ac8f8b006a406fe872a50df71

SHA1
90ad4d698d194e4dddd71a7609dc0456e962e620

SHA256
7bf5769ebcd5381984aeae1ca727e9bbdf530f5b0d602cfef46c58b958fd301a

SHA512
9b37eb1cb115249342cfa2a5b06afb710e94033592cfc507b4aa281036f7f98f658eaba27132850c48a38e497ba545d01eddc90b911dd49b7ba56736c13e9c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92db1410b56fe1b6595683df7843e3c1

SHA1
de807dd3815ffcbea0b5d6e8f235fe7912066f17

SHA256
222c7cdd2d6bcb37805603185ab2f86e3e55a925b3ff54798e764ff3f2555e73

SHA512
72a0f6610fd9673da4bee1a020b63530bc9691b54ed352c3e517ec90da5581c04764cac731b5c14a0ab6d99812351c3e243cfc61316014636094fbd0b8403d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed64df8e4ba520e14c7a30871b2c9cae

SHA1
1cdc86a40113e170f4f1090a0d132182775b2197

SHA256
8a6b2208f25cdfb8dc4da45c4753f93869c9315b62a78fdd5c566f3166391c72

SHA512
2efdae9688f8e406a1d69b76d2abd78ddd384a71fe6964a80a50f9309f7daaf567c23a7946ca26f01752bf59017f2c144d69f68871d4912a83f1bb04cbe9feab

Download Submit