390621c7f0c9b6515c928bfe15fc9f33021621dab17c4a16c5d26ed5e0fc33bc

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 13:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5244d91c8a130d6afad87cf31ff1c659_JaffaCakes118.html
Size

7KB
MD5

5244d91c8a130d6afad87cf31ff1c659
SHA1

562f1ad34b14d86d5ef64e87fa730b814754f694
SHA256

390621c7f0c9b6515c928bfe15fc9f33021621dab17c4a16c5d26ed5e0fc33bc
SHA512

30784467c033e7dfb60eaa49ed7c64396717c9a06ab63d814cfe3b0d546feffc86477b43d8d3f35a3cbdf9b7a12722d34caf2796840a77558ef1a216a338383a
SSDEEP

96:SIpdf9NBXYwoZpbprnKvKHIFvR1dRjcRC:SIDl/Ywy5dfI3vxcg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
316	msedge.exe
316	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 3292	316	msedge.exe	84
PID 316 wrote to memory of 3292	316	msedge.exe	84
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 1148	316	msedge.exe	85
PID 316 wrote to memory of 2784	316	msedge.exe	86
PID 316 wrote to memory of 2784	316	msedge.exe	86
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87
PID 316 wrote to memory of 1832	316	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5244d91c8a130d6afad87cf31ff1c659_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14796127672519594666,5003979133971827643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e3f48035dc3ef44b9c80111136850b61

SHA1
ba1bad427520589b487f2764d833e794174f663d

SHA256
5ff638b3956903afc59a45f8acea6d04a30db94a9dd9c7d4bfbc1e63a1a1e099

SHA512
ef3947ea551910d3b7fb5f4b80bba81e8c4283de9a15c32f34b76b62bace0f6daaa6430c4b448ce9f6faaae9ac53fde96912a6d88bde1f87ec0d14fc6b6db888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
9142b251885531ea20ad790f115ee80f

SHA1
bb6c5b9641a2c59b86e2cd01febbcde2357fb68a

SHA256
2fdd7ce8cc41a618d93ccbb41ddfaae5c629e970f35faa4dc5c1f2161c27d28d

SHA512
23899fb4fc810ea72300ad7b817bddac1b7a8d931e7097ceea6a342d12ef70065138812c8324b3aedffe8dffda4eb64f347e989840ed227a7f5fcad84130bedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b087ef50c6363669f1df7f6d4f52e1e2

SHA1
72b6a8e84c6af69e7ee4f3bb432ccf1d608a0ab2

SHA256
077ec3f8d0a8ffdbd47a248fc5d639b2fe81d7554cdb0da2b83fee4b82ce78f9

SHA512
34f49ff84c276ae76be89aad6b771318365e48efb38545d53eb7316d80b7aa0f6e24efad3c74dc33f9ea01d7086d58af18dc1670741c2b5366da013653393fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39ba785aededea85d465a3c64b523399

SHA1
89c843da15c40ebf171c3004f39779d3e91d939d

SHA256
a2db3a4188e7cf8179d36d83c6e44bbe0a4297af06cd75a2bfefe811381f005c

SHA512
888284f3a6d6bbe7010f0016d020fe0e8b80ad95e27084343d78e5a5761eaf5d871732193d4f9867d4ac748ccc2334cfc560d64d1d0d5cbed043f67de586b0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bdc51b2c7e235c675ebfb01f4429c33d

SHA1
4ff7ee9c0940215e97849ae1891da9884397554f

SHA256
8b6164353daa0f7a622ff6e5ec91ad458948a1459dee5c29cdb62ce5721e3199

SHA512
3826b141b6ad5f42f1fa6e3bd7f68444c3c4977add8d8a1533e7499d1dcb15893f441d81c5b9bb042c1d029ba8f96b10567e2a5ec82401cd5889f678e0d8efdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77abaafb744d5cfe4852007df022ce06

SHA1
7c7bad4cbfb0f54eecb51ef2d7f24781cc48f212

SHA256
dafff424c1f41ff46cbf1ce096d343daa51650d4343c088138d16a3758c91159

SHA512
5ff45a66396005b1d48efcd17ee717913b518cb9d83a600e9cd8deb8fe3c30480e882bdee59957b73f6c9442ea074cfd29c5dc0cd9452e966eb786b728d1093a

Download Submit