1c2fe7dfca184c31237e446c9f589db266c72c3eaa97cf09457cceeb21ea3f98

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a1644a5492a150ed6ae33d91b73a5ea_JaffaCakes118.html
Size

120KB
MD5

4a1644a5492a150ed6ae33d91b73a5ea
SHA1

b76ed11ffa6b33d7a227e75a9a14a89a64128265
SHA256

1c2fe7dfca184c31237e446c9f589db266c72c3eaa97cf09457cceeb21ea3f98
SHA512

633637cc948d9438724c281c3316c51eb23bb94819470dc28c37603d6010cebf852ca7503a31bce1c6585cf85b3cac4b2b46b42114bd489dc70cbefdfce3aa73
SSDEEP

1536:uKWV/bjG0CteQ+dnr3YX4Wkt/GxOHs6j2eu7BzhWgmJZ0cYlWIhT4zt8k9NR9Phb:8i0ELX2zt8aNRLudW+8EnpkIR8rLFtN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3232	msedge.exe
3232	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 2832	3232	msedge.exe	84
PID 3232 wrote to memory of 2832	3232	msedge.exe	84
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 1392	3232	msedge.exe	85
PID 3232 wrote to memory of 3556	3232	msedge.exe	86
PID 3232 wrote to memory of 3556	3232	msedge.exe	86
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87
PID 3232 wrote to memory of 1552	3232	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a1644a5492a150ed6ae33d91b73a5ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dee146f8,0x7ff8dee14708,0x7ff8dee14718
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1120368481112896256,13654528636819448033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d63f0d72146f84dcc9d425fca3eab3f3

SHA1
fab6dfcd8c986e7303242d6a831201a2ad37493e

SHA256
836b440793a312afb5a400753e543ba8006d117be3b1a63c6c41452c48f4afae

SHA512
26081a798f967292c9978558bb872266eb612cd4b9aaca66812f586a012ee671fcadf45820bdb80f1dc80e41d921ab8dcb2328a907dbb62ed2dd62a789a45553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e5c9c15f431f247ec2d54980e6016a7b

SHA1
ad5e568e1514647e0245f5af3ff64b7599a6eba2

SHA256
6cb615e0b6318f747e68f3c8085a517b9f9f4bb75550631e23762905bdae5d25

SHA512
e647133fdf158f2f747188b88d81e766e51c8f8ef6d67b5f5adafbec74b3845c70d86c4a8d6e117d15b785194459205cbd969bdfd0153e73fa6c002649259986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0e75ff09c0716dc0f6fb4e819bce7fc

SHA1
f7b594a6357178edf87dda275b2126b3ea0e8683

SHA256
056c42cc0ee9df963f12186e3de60a77d060c92bf71eef9c39ac1d2bfcb4be86

SHA512
080e6e3dc71e804c2af64e3b07ec270f7dc208b25e16f0890ee5be0257993d3afc70580800bb5ae980bedaa734167d4218bb26eb973fae77823b81150c9e0c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81a3b7644c7d9af7861ac7b9cc4f651b

SHA1
78d196b581695b98139572a71f0745ec9e8619a6

SHA256
21bbe0abc36fe0537996f55ac76215485f20e8ae3702a1535f8c7642e910cbac

SHA512
d0e9f837d1c26e8fdf6f57aeb8dd083d5405de068d4085efac439e84f73dd51beb9d4d2acaf4e10c61cfbe76c47a983209321088635459919395fdb4e87b2b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69a0613e5bfa71b86d7d78bf83afae7c

SHA1
f4acd03d64d474cb30da329765670479310a2db6

SHA256
0a81d2393993275b7dbc8b3759341bd9d61cf0c1ec6e1abb4574e5c2f591df37

SHA512
c144887191edc9c865b9c392dca3d99b8d76f6cc09a5bbfbbee832d171aea8deb3ce574f3ce04a4403f78379bb13756345eda49ee7308cfcfb235a64ecce7a67

Download Submit