ae6f3ac89b6e812f9321ba4f2c1a1d92acfeba6b05c1e4de9bd15afc2e763c68

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html
Size

51KB
MD5

6c0985e71d222fb02df5b89386fe506d
SHA1

4b2d118bd07ac4d8902c4bc810152b040d0cdcd5
SHA256

ae6f3ac89b6e812f9321ba4f2c1a1d92acfeba6b05c1e4de9bd15afc2e763c68
SHA512

9fc16b55b07fb356fb0fe07d7dc6a0261e857e4bed5030f09aee179601828f48a489b85cd3153c09271f23da13915469788cae66e265a7a2d3a18d374f14beb3
SSDEEP

768:zHNgO6dv4hocgL1L2KshAUoiCZUZ80rIVNPf8oKCGccZdIfQRXZtZEnP29xZwy2D:zHC42JL2rPUUIP8oGzZdzXZtZEnXy8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
3364	msedge.exe
3364	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 3504	3364	msedge.exe	83
PID 3364 wrote to memory of 3504	3364	msedge.exe	83
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 2324	3364	msedge.exe	84
PID 3364 wrote to memory of 4716	3364	msedge.exe	85
PID 3364 wrote to memory of 4716	3364	msedge.exe	85
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86
PID 3364 wrote to memory of 2484	3364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5bfb46f8,0x7ffe5bfb4708,0x7ffe5bfb4718
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
05197e9427acea2ac4dc812f97a8f078

SHA1
3d2a38b79da52e57783360f195ac3e7c85edefd8

SHA256
7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191

SHA512
084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
076b77b83d14cf71be5c94207eeea96d

SHA1
5c077f9e2f98fba111427386bf61f765dbb35a63

SHA256
d12dda20eaaffb39bf56799a1f3629aebf9406d241b74d31799e631f5de3e585

SHA512
d5e5bdd05ac7b227bd0464a0dba52b63022294286d17b633bafd989a8a7ffcf7a30f1e022b01a0c133c47eab8ed1b7311e23798bc99f643aac1c7befdde89c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4775186b2dde20b179dfba376239bed4

SHA1
46950d23ba080b3b56e3d02e0e019fd9b47e1cd4

SHA256
aba0c912e4e0c6bc14e7fe669273e3f55cd554446e1c3f69da7ccc8e7c90ef68

SHA512
42b72ee19e39278d10bf741614240d11a166d05ed01d84acfcf1e89514aee9dad3b835d9e9140b4d12cc8f3d8950da0465048e9d353fbc795d274b5c791754d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
97258eb350a932dde1b4a6adc0fb89e5

SHA1
aad75c80e85d41be5f6fe2b676056c490d578463

SHA256
b2c47f2f1403f8ba95ee40d3066b3ca9a8275fd2412c3ee2d13cd1b1f71e13ed

SHA512
60928c45f018b8222618f42fec8d07c81c346ace5ca188f25bc45250c1124c0aae5c39d8605626fa3ec0b38f1aab53344c0b2c932039cac24ef6fd450776405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d400ba9daa2d343e0fb4b9933e344a1

SHA1
6931c83be265ffeeec258026783cc9e9d9fa2cc6

SHA256
4a595f2d5da4e160cf2fd2d9b423fe8b0abf6762daa07caedc3555d1062d9045

SHA512
598435e75ef6d201c001ce3fa5e09a7dfd9ab50404efccbce39fca76feae0df14dd80a2b65a60f209561b6f4725dfa2a90bd86b1ab575ba3aad1be7fb28a5a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
423fabdc51bb2cf535c963cf0bbe0e2e

SHA1
f54bf6ed3fe4ac750c4ecc7ded7e2eb38cd9452e

SHA256
42aa2b01941572c11c332e4bdd24e57d98e4107de0c11cb89045535cfe1f86f1

SHA512
3216fb130dbd6a8f0aa289d0828e846b6cb84ab08b46b34b3af5594920dd873dd379fd21789a40c18689072c4f7d3340e1bbf0f2a1f786ff9b74814de7e160e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
49fdb8500b8d6b034f80712eaf093837

SHA1
9f173abd41993e2447340ad272dc9dc136d6c9b6

SHA256
840504652f3c842d4529c516e70faa3859b81ad961eca1a8069387bd8a2e022d

SHA512
c7f31caf184dac0e8677ea164b1b3c88ca98e2fb03db11fd74d0fcd76a0a09425474d6c07750339ab1e600b799dc367ce64143a378056b405b0a5d5fc02a8a3a

Download Submit