57c2bfbd853267f8797497797f25e210472431eeb8e6743eff49b7790ef70c14

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

601dec442672877e3fe86316771f3b39_JaffaCakes118.html
Size

74KB
MD5

601dec442672877e3fe86316771f3b39
SHA1

6f18b6de3e9dcfb349e7b74ac7e42c036f1d4f44
SHA256

57c2bfbd853267f8797497797f25e210472431eeb8e6743eff49b7790ef70c14
SHA512

2bdae2ecd675eaecf7ff9482153ac1a4812f75b749c2743fe94fa453beae7b95da64123e8226b7a849fdae564f226c4beac9741f23698213959e546aa4a44fbb
SSDEEP

1536:K69QTy1+2rJMe/bxhy51FFRM1qodshnsr/i6J6MEtuiahyp1:K69c6+2rJMeDxc51FFR8qodshnszJ6Ma

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1300	msedge.exe
1300	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 3404	1300	msedge.exe	84
PID 1300 wrote to memory of 3404	1300	msedge.exe	84
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1632	1300	msedge.exe	85
PID 1300 wrote to memory of 1964	1300	msedge.exe	86
PID 1300 wrote to memory of 1964	1300	msedge.exe	86
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87
PID 1300 wrote to memory of 4060	1300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\601dec442672877e3fe86316771f3b39_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dfa46f8,0x7ffa6dfa4708,0x7ffa6dfa4718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8998652736243163703,1763710020242209765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f3945b57cec552d82ebf2fb4e34d0ebc

SHA1
cbf99228e8778c04a261edc284d400b364a621f9

SHA256
ff40964d9a747293f597364ac70f91decb593633f136c245239f319d54981f9c

SHA512
d7df45ae09c0c93643e9056d43f602363fad93f2113497353e7f7028cb56498b411ded5512cfd5e36876181380d6e51d0256dc069356cbc531fcafeb9dd8a3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
90fd100ff0b105a57f4b0dd902f0642e

SHA1
0cf78c17b508947376b0288522cd988a92c71adf

SHA256
a03d2823b8581d8bbb9932f862b546b23ce2b4518a1dc820b48fb06fa4bca5c2

SHA512
1ecfa93f0fa3b4bdfd14e11f226e2b7240c7590a070e544c731f0411ac8822a96df9301b90657578bc6e275050c0588c8e17a051518c13ba8018c062241f623c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7268162f141fd0d0fb777cfda81bd30

SHA1
6cdcdefbb7bff4520895ded8fb57a7594eea90d9

SHA256
78cb70c1118ad990f5fcf49f9df975be49fd2ca9775a9d651796041b711b2824

SHA512
e9b6639a0ec68def39a3f0071d836cad6c1f6047eec26dc156b9337ce6b94c2262590a1798ea7581241c722b6bb7c692019428c422cb87bc147965325d715ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
47f229f3d22dfd98db950d1b2bff14b6

SHA1
4922e791dd0dc39d3624af4dae182372ec186e61

SHA256
ae7003d91b76fca89a704ee79add9e6cd7908fe6e8d0ac21566f88261f7c3e63

SHA512
5655d8b811e4e6447da4799feb9bed5551948448b389eacd67eaf2d778673128d4557f10a67e373b0779176ac9773f824ef18fe4d98e6bd899ff9c29f35705bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bb12de40f34400ce4086054321412f3

SHA1
82f68c3aab025cc6458c14ba5a4c17653e880cfe

SHA256
fa73594d20e73ba210b9d48f13952429c96c243b1279053bb396d995564e3ad9

SHA512
0fb2a227f6570e72d328bf6fea75ea49a31c7bff374e1b6e68a1a234f09e81d5a18ed026311556a12180449f7da7cd2bafe321f8ebdd3dad3a8c9f433fc88f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bf6ca49879c0c7b6f5451285569df64

SHA1
23f55133ffcb51ddab2a319ce915ca5cabf0a2d4

SHA256
cd7ffe453127e6c399c19223261666035addc677e1d1ccd7a5abb84638276db1

SHA512
222386fc1e2a033692c585e8208fde6b51b4c73e1106c75d7cd71c848b79558c06d3c98d315ab8211a66358dab9c4ce56fc5d238d508ceb4ca8d2ea62e7e8d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
376bbb8880d85885c07fe4a1a1b4b2d9

SHA1
ee882a0df40b427b7c775bcdfd765fedb096b309

SHA256
141565065453241a77f733eb4d3c63e99c984fa748967b83eda34fa34a0ad866

SHA512
ea37817e43f182532e71b1eb3c578cd5808db0ed668d197fadb41c65d4637f214d3cbd757cd91f8d0a3280db24253e7bd0fe361055738f61b8cb7105d1433050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fb9cad68bb8dfc738664c8abb23e28e3

SHA1
aaed872b559854243724570628a2c1f92745840c

SHA256
db138f8a10d6c78984797ddef52959b886fe298c5c022b8e48bc43024bd6e9ae

SHA512
e00941cc70801da1364bdd4941fa26b66de9fab2756357de5e7800b845964cfdd0689d6c83a615149f1556acd2c2a5fb0470d92f83e426d978adc9219c54d731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58af08.TMP

Filesize
201B

MD5
95908ef0a8b3389bf001cb22689e6a99

SHA1
6cd6f284bdd0ca6b8746221251baa0900529616c

SHA256
242f798737dc108ae407fb11ae2210e346201efe9819847cba4ca3805ab48173

SHA512
d8018621159f901f6aad2948a458369e18808bf5f16e6a6b415edbea32f66f8d6900b2ab378d887136dc13a955d6211587848bb27a4ca0dba01d2b9f4b1da2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06e2afb62dfdc246f179e78327f22cc5

SHA1
95dbc3bad6b48c3f5656e1fc81f86fcd681b55a8

SHA256
4863cf145e2e9775c8b5f8d84afd7d26e90dc72861f71d6e4afa382e708e94d2

SHA512
b2e0998f500e8a742d8de357642a61d5cf30947444005a31696294419173aa61dc47d61404f133baf280492e1aa2d4e7e6fb0a36546b77f0a3c6928649d9cf89

Download Submit