8aebb036a4fe45f5b031022bd11ab4fbfb86f7f8b970c70d5145a25cf4aae033

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77f9b56a2e6f264e978088a13229b8be_JaffaCakes118.html
Size

160KB
MD5

77f9b56a2e6f264e978088a13229b8be
SHA1

04cbbbc9236ac841b9a9a6abd66a6ad8611d9e19
SHA256

8aebb036a4fe45f5b031022bd11ab4fbfb86f7f8b970c70d5145a25cf4aae033
SHA512

96776948596cdca6441b85f049c2f186478cd0fa28d11ac3e2d104263bf17d76fadbd49caea3edeceed762f5bf00ab917d45231ed0960c2c5ea9f3c4892d4c7c
SSDEEP

3072:sAchEUcjvG8rMdcXmNRSf3XD1E16s02Fdjmm2Jk6V8akzJt8aNfsikBodDhL+EQv:sAc6rXmNRNakzJt8aNfsoc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
2760	msedge.exe
2760	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 752	2760	msedge.exe	84
PID 2760 wrote to memory of 752	2760	msedge.exe	84
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1084	2760	msedge.exe	85
PID 2760 wrote to memory of 1412	2760	msedge.exe	86
PID 2760 wrote to memory of 1412	2760	msedge.exe	86
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87
PID 2760 wrote to memory of 4572	2760	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77f9b56a2e6f264e978088a13229b8be_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8885846f8,0x7ff888584708,0x7ff888584718
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4292851110176091408,2694908186854632013,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
23785d53e9d969026c02d00af4d2cfad

SHA1
3eac5d6fb03acf8303caa07475176067445060e8

SHA256
286f85b0339bdf7f31476453802848230cf757992b85fdcb4c051abfd99dd5a2

SHA512
2316503e82b7988ae91eedc966181c2cc3154dbf1c8c77386fa93f8780a0e806912e4c3fbb9890f2c5737cc2736be0bb3c37ba32ac63bffd1b3d3f77d2d5f7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c9dd35307c41be40536541a7077d5acb

SHA1
1d5c28baa87bc64549ff792e6fed5b0d7865e647

SHA256
f1ace1c7ac67f39a2b46f23270a7cba0c34eb7b8dcf889d463441e6f8134248b

SHA512
ab3cab2d132b52f33a4a2ec36d582ff34bff647aefc7c7f51bd46c629bc4f2b42f47fdc15086933974fb0baf15f9e18bc865b25e5ba0649cbff1360262216bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ae2cbfdb4588678878e937016d48d73c

SHA1
1638dbe1b83997082ab8200711d246e0773c295b

SHA256
244e161f7b21a689f611a21c814ffb5dd1ccf6295235f7feee0af9e15eee1404

SHA512
dad4213a7f79368c7a4a0fb5b539b05d14b296c86e2c5847313614280e09f4d077a74cc83e15572700db6c716f6f23987ffdd9c893ce1d94fc5514d79e378c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10d44096fe7b8a0c342e5b78a5a8d513

SHA1
c1218b0bbb6c48b6e6d0c330ceba3c23b2f7c0b9

SHA256
a5070361efa43d91cd07d49f2cd4269f096b38672036ac5d5b583f129f2e9c5e

SHA512
b0d72aa67bd9ecdfe2b948c6ae26d5fa8c473e2a7b270b3224699aa5b93d730e5c4c89c8c86d3fbb726817abc861efcb8e50f10a5155ad199d26baa81618ad60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
175a983ebf790ef1f7699e99189a0c17

SHA1
ef4e895e8facbbd5719e56d8f10bd0375148610d

SHA256
f8f1da650327cde304af88f44cc476326c88c40e11b551e4c7b0e6030ad485e6

SHA512
f707a9d735fd72c8853489e6b1204cdbeeac1606235b964de2be4a716ff8f450cb47210e310e1f21c3f00fd376d329caefc6633dd01ca72230f6bb4c37a37fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
760843361aa097226a84e769a2c286fb

SHA1
93e5248c602c3dbf2520ae33a385e4622ec4cf2e

SHA256
72f8d36031243bfdb138acf7a84a964c998f190ed53e6e06dc647c1998c3aa80

SHA512
3729cd946acbb4da849d72ec00666c8e762d66ad0663fe65ae2103dc00ba4a2f1bd8413f84b8318206b03f9bb7789bb6788e9d91b0439789a4d62a7718df1b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586bc5.TMP

Filesize
203B

MD5
81bfef224b4eb4977ed3f8c97ff01b1d

SHA1
f6eaa6d2db34872e3d9c970bb736b625b467a6f1

SHA256
af6fdd44cccc0d85b3cdae0cc1eca9ea0645f39894389505b031c574eedb9942

SHA512
70ee95feea0c920d768a3a1bac1d7a68ed6351779c9fabb0b56f18ef4f656c7fb6002be5d37da5f698e5b5280460a8deb4f88d20a799b36390b81b705d0e3f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ebde473e916b95217881c0bd43d7cd8

SHA1
9655429794c5aa4c93c0e5a9e363130b41f94577

SHA256
a72c13b157f5a7f01a5f883cf4c777f0bafb7e43d0f89d59fa6774f34e688ba1

SHA512
86e17a82171004236ccf7508c18351e037c89f7426baa8e47219bc1b8fcb252ed4cc2743dc11afa82e1e24d484bca3989a5941c8ef26c5c4bfcd23ac0b7fdf9f

Download Submit