bd6e47247bfecefbc48f8d30e717878b351cc7e170be42a6a20ebb891e5ba4ad

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

571e3caac81a5bc4653faffa4b42a92d_JaffaCakes118.html
Size

31KB
MD5

571e3caac81a5bc4653faffa4b42a92d
SHA1

28cfcf57f357ce3b21c709845a8bc571a80a6cad
SHA256

bd6e47247bfecefbc48f8d30e717878b351cc7e170be42a6a20ebb891e5ba4ad
SHA512

897a6b2df977e5a26a51805bb5885d5786529c346de60df34e13183e3c7ec415921cb1a2763a1414cb4fc1aef6da6f082dcfcceff9c7d968dbe01697c03f71a2
SSDEEP

384:Jda4V/HkloMZf1znnnNvNyLfNvNyGn9RNvNy1nnrNvNyYnnDNvNysnnlNvNyAnnm:JtV8f1znOn9gnVnRnTnV9Kihgq0vl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
3004	msedge.exe
3004	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 964	3004	msedge.exe	86
PID 3004 wrote to memory of 964	3004	msedge.exe	86
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 4860	3004	msedge.exe	87
PID 3004 wrote to memory of 1996	3004	msedge.exe	88
PID 3004 wrote to memory of 1996	3004	msedge.exe	88
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89
PID 3004 wrote to memory of 2932	3004	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\571e3caac81a5bc4653faffa4b42a92d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15113674806066757678,4288735304696040091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
641B

MD5
74bb0bd62a302010126b3987d14f421d

SHA1
56018e8593a3277d86cf311aee002188bce450d1

SHA256
9894c3b35376bcabdfd8071659f81df348b79abd3b533e3f33862200c3188176

SHA512
5f69fd10fa67d5ec123817ea5f0d23d6f78b99f403a67b93ef0bca0603cc3bbf72f8c6511cebc128b941cf4cd25cc1af3fce53f331fb6371e6cf92595a4bd395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e956da7bbdb8e3bbcd6d1a6ab756490

SHA1
7684acb9299864b17250c1825ca27b8528ae0ba2

SHA256
79aaf8fc8a21fdcb5788a4a7b603a20e8281b63e6262e141eb773931c0c9253e

SHA512
259f6e8b57acccdc90bcdf647d208bf8024f8b25e5f580d96841bc511e40cdac15820cec265d440d0a656caf04dba2eab334de31178f534be4104366718382ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44410f82d135c6f2e6bf0916a14308b9

SHA1
56b4b201b34fd3983fc7dcedfb0cd605b65596f9

SHA256
9f7849f945fd22645fde85432cacfd49ad178636604651d00c53094cade62313

SHA512
11d1a3b32df374489b7da67b36a73baa57b3b129fac491d184f813606cf1627772b68c48a36e0d116fcf0044dead9cb12b15fca7ffc67aa87f00b62062cac065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
973820cf00715b69186cb39d9d8be9ca

SHA1
089e469ea0a486e17677d58adc1b2123e2604f29

SHA256
6ef31e97ca9864684555817720e68a3cb6b427fd43de68d2db5d172844c280e2

SHA512
2ce1dad250fc0141b27905ae89e1e4cd1ca4f51ef6174db5fb2ea46e9c1925ead3d46d59152c2f0f9af7ecefd1bec2976152ea506b5c19b09ca07ee9cf5194b2

Download Submit