a0d921eb1c22d48408cc87ea5c130bb3d302d9d1bbc760d4f6b927a192cbf9cf

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93f4783174993240fd3b59b803881d4c_JaffaCakes118.html
Size

219KB
MD5

93f4783174993240fd3b59b803881d4c
SHA1

183f3a1652e52ebf68ef9a7003573c7ee4d4b805
SHA256

a0d921eb1c22d48408cc87ea5c130bb3d302d9d1bbc760d4f6b927a192cbf9cf
SHA512

5801f4b132589a0293189c36de11d537d5e265fa8aea0446c65e3fb59f4e407aacffb9c395f9ffbf84bdd0754c55698f2987648c6b32ad46a2ebfb31ed79c1fc
SSDEEP

3072:fuzrxGpPabuuOqE2fWzpvV1O6MrkPuKbD:fuzrgAMYA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
1224	msedge.exe
1224	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 4768	1224	msedge.exe	85
PID 1224 wrote to memory of 4768	1224	msedge.exe	85
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 2328	1224	msedge.exe	86
PID 1224 wrote to memory of 3696	1224	msedge.exe	87
PID 1224 wrote to memory of 3696	1224	msedge.exe	87
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88
PID 1224 wrote to memory of 3788	1224	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\93f4783174993240fd3b59b803881d4c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3dc46f8,0x7ffaf3dc4708,0x7ffaf3dc4718
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5088336995976488756,17642523090518764169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a085d4c33e21ff8d0c088032896d2bbb

SHA1
4991bc78c95cb15d37c4d362ec25aa4a79110fdc

SHA256
9fac08b9aa999e65d15ffb6f40cad2b3f42023b3d38419612b7bc059b68b6c34

SHA512
9e2e5cc4391eb86266012cf5b2527c5d6e43f9a8a850317f44c71afe11206e5180576a1ca701120ad3330de9e6dd6fb891af752ab855d4af396045800ea1c8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
16d29427a7dcb5d608a99bd094af555e

SHA1
56274dba1c9f7e6b6566e7ec48e0f7426bfdb1f4

SHA256
5bd312472a342fc8072fe0b434dc8e3d4807ba20d6cfe04fa8ab4268a3785d62

SHA512
cd25a6b963f18f64351c81e0cb2765d0fd054855990aaedac88ba9c4dab7ddf230d0ed2e3c0d182855ded70bac798e4adb49a19fb050c2e3370da578749f26e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79d7dcbc99c8a13c6b1dd14a830bc225

SHA1
2584a0a7398c5b12a203c9a4ef27a6f221329e48

SHA256
3780d915b29c63383f721ac3796388540fa5485b566783da1c6b5b1967f77a62

SHA512
56a55472ac40f17d2a3df74d1c0fc24124b65fba86879b2c712f4e78985a2387cceed05eee648acbf28ce5c01ee8d1c4d7cee7c65897e71ac69dd4d019f9aaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
089aacef59b0f18f49cf5a837c5902e7

SHA1
2ae46ef640b16cfffd7806f9179ac641b0d3394b

SHA256
2126191b7b8a3293adc1ee104c150de39f8c2509ffb7ca0e8385f0d7c37da461

SHA512
7246ad26e69ca12b7dc4cc9bc4a85ef26b7cfd70fd6fdfd5fb1b4aba6617bfacdf32a691f2484b47d26af9610a0eecb682708b63cba22c92224b2fb426b4f4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f1e7ce4025c9826188b1481e7ac8177f

SHA1
28d7ba30e13b5e08febacfb39324c1a6fee905c8

SHA256
fb05e52675143caa47464bcda78da3a017ba8f2c2bc547f615c8ee2141a8604f

SHA512
6997b72825b2c2c167fac14a8dc8b67ede66061a7cdc1cee1af63481efd41f7fc386a4beb5cab1e50a5707fc0a8ca0d34fde6799f43fefa91988f4e9cfffda50

Download Submit