765fabba8fc3fdfed3df5b9a3e60910df4c37931ca032f08274b59988d3dadc0

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54751b416eae7b6157e213d01876e906_JaffaCakes118.html
Size

21KB
MD5

54751b416eae7b6157e213d01876e906
SHA1

e28dc074ee0f52dd8e06945dbce4cdc058205f92
SHA256

765fabba8fc3fdfed3df5b9a3e60910df4c37931ca032f08274b59988d3dadc0
SHA512

fccc2381d4437463c29d7b7d64e3d2e03d0a14aa946074da7279ba1edb59cbd244e04eaba997a61cba080603ecc082c49cb6d7a998f173a5b465389c39cc1c24
SSDEEP

384:SdnqxXSPTueJEtQ3LSLyMBlyq5LkXL6oL1XLK1O20alX9ciLP0Kaloot:Su+dOt9l5Tm2taNt

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
640	msedge.exe
640	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 4244	640	msedge.exe	84
PID 640 wrote to memory of 4244	640	msedge.exe	84
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 3076	640	msedge.exe	85
PID 640 wrote to memory of 4520	640	msedge.exe	86
PID 640 wrote to memory of 4520	640	msedge.exe	86
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87
PID 640 wrote to memory of 2768	640	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\54751b416eae7b6157e213d01876e906_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9b146f8,0x7ffcd9b14708,0x7ffcd9b14718
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,11451891361619596026,9952188996424397740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5171a8af768320f4cc6483e62dec677f

SHA1
87b829462bc603075ab4b82ee02e326001e759f6

SHA256
adf7f2730c2d6e67b6c3a9a41faaec61ef4be89a46eba460d0525298e932c09e

SHA512
378bbce690ddbbf58e735cc39f06f97097ca40d529e76bd33c750fff75f211117e1f7a986576b5a969110b31b77bc27db7c0d24443ed9a929664626c1383ce21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
1af0d9dc7fc56e1307fe27b8611e2bf7

SHA1
f215669b09f744d92ad90eedbf36d566f48bc534

SHA256
189a16a7467274d503774c3e04f042b83dc66e3b7623228a4cf2f8e72e250f8b

SHA512
6f107cb0eaf3e6ab6d817113ca058641c5d5a686b922ff9d9df69084ece153f601a585dd00d09c1d9c3254bcb9f24fd339fc9ce30949b52c727154ce698397bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b97552f0e55658de004c35f66a9e78e

SHA1
23c78e230df95ff0f73870a684d383c024e9928c

SHA256
e8e5fa2d845e3d66d635048b422b9d6e565b3788221c95a48988a418bad9b037

SHA512
3ae32417392127feb5c77dcd70544178ee725adaef78a005e8c4dcde66b028788e7c81666b47b5386bc918dcefe8df8ebd9de51eb8f987cbffd88ab20bd5efa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ef725eaef22913f9117cdff7fc0bea6

SHA1
0da87986b18cba4768b01552919d2af2bdd332a7

SHA256
73b8de561a82c00ec56d99ae9380903ba79101f26a79b311b17baee5c5d15217

SHA512
6b667d4565a86191cbb1bae2df6389b7f3bfee88b0de3e255320022bbc5b6944cf99034b02a64aedfa9e2d29740c5228e396ec6d2f884a0dda2e789621e8f252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d538e7d028ca5ba74581f6f2944523e1

SHA1
fc3fb05f19b589777f3ea7be10ccce091c648273

SHA256
3eb45a49af43587e303d58cbd03b42278e54a07240fb7c337a077386d7fd0102

SHA512
94a8d4bb9beea5348b8396694009098210003633b721133405461ba60f3f4ace60234ac05a19dc1d1c596a2d3984b14614b907fe3bb3be2784e215d2eef89fd4

Download Submit