e894fb621d1040a8a78e970d2c13b454201009efb6ffcb75b13c46e158095a63

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

621f200b672f059b23c26a745d213d24_JaffaCakes118.html
Size

82KB
MD5

621f200b672f059b23c26a745d213d24
SHA1

c6cbf7b194af0a5228c43a646b16f1eb4c23a9a5
SHA256

e894fb621d1040a8a78e970d2c13b454201009efb6ffcb75b13c46e158095a63
SHA512

829e76a87fd5e45feb00096c8dabc71bddff199104248a5676d642fd395944741350c91be7cfc75f22944f6bf199580d6891c5a7f413c5ffa62222fa827d8bec
SSDEEP

1536:zDfxCZb5UdcN3onzkvDwzg1AJS+VGxC6LA7qpBL:nfxCDU2o4Dkg/a6s7qpBL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
872	msedge.exe
872	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 5008	872	msedge.exe	84
PID 872 wrote to memory of 5008	872	msedge.exe	84
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 2980	872	msedge.exe	85
PID 872 wrote to memory of 3556	872	msedge.exe	86
PID 872 wrote to memory of 3556	872	msedge.exe	86
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87
PID 872 wrote to memory of 3808	872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\621f200b672f059b23c26a745d213d24_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10484649002674362844,9127667677436485952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d08aa63380f1d7e6b5959674566613c2

SHA1
e69cd3861d3fa9a1fcada86cf65b8d190c8c1d4d

SHA256
e7c90edce636956ffd09e469ffda39dccc9a2511cad245572a35096621ded1bb

SHA512
52c47031385a6ddbdf910ec1739da7ff6fc57d2e12773a30a7c897c356dc7b3ed8f8a2ae7bb1e1bb2357e0e408c5cb4ad985f7919c312c221cdc6f1a32569ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
078a7f8e0c704d70b29b945d2bc9748a

SHA1
7fcdc018b57f5eab650f915faa5607e3a3105dab

SHA256
2f3c93b415a63849400e9080b39e65c0e5940f3ddbece2d6b61175a6f38be209

SHA512
30f6a960088260386abdf755f16053247a41d5c733b9ef682a1a95719089d6e38d81025e9a535b820bf555ab643b07cbf7dfcabf7abe80f379e051ae8d332fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a084bb69a4734da8c770efdabe4a349

SHA1
e7601f7e90a3c7f610499bac01ae4b7fca6599cf

SHA256
df3ddf36dc5d87cee96294ba321e4ff0c6de458b38b9c60fa9baea1ca3cd7bf7

SHA512
b61c211baf7019bdab325c4f1b303249ef415065017c67e32d3b4870f8c5ce6703346a2b03287a7c19f8129c85e4ce027d5848bbfabb35de3dacccfa3312a8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22cebef4500194a46b05b8b770972ec0

SHA1
f8ea3098dfdf768e9b37368806c7e7d14935704c

SHA256
e4abf5e4d1f819b105bfd0af9f344c4ff3abd207c34803270d4be4706ff58ae9

SHA512
c41d4541dff6bc26222d22e60a5e5f40890c4e10294ca9f4b09399baed3bece33d76657ca56ba4edd6e20ad910754347931314593b838c0d5d084fefaa7ed1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
199f9e123ba939564b35c1271d0c51c8

SHA1
0f410180388369affe6a5b2b3bb622c2aa3bde4d

SHA256
ef6a2c53c90530928cecadbcbe1e03e44f54e88c2053f694aba523ca1253724c

SHA512
16481150f58c83300d5101d33d447d5b9b3e327d804cac2ce4288724f94bec6c1c01e9a957eea286afac8a06a059d1546dea4addfd230e9b65d9d0d8a07e03aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bff69e795385bbab0489c55921bc3ed0

SHA1
d4150edaeee4a16a6ca2d862973ea4f12ca0ece1

SHA256
38c66a61b2c1a4eeeef7e509da0119a929bc3efec63ab428128ce4f233e58f25

SHA512
69eef94a2ad9e3ab496be7acec9cafc149539b66f35a74d26f8ff5808d30f6bff1ecc47832fa9f118bae4b4c6396334adf0a054498fb856256677d5d72c9f4f4

Download Submit