b528c637a23b76f4ff2c2eac86ecfff39c9f0d5ec459c9bd9d45308f93e2409e

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bacbdf29d6c0011e1dc659e0a081ed65_JaffaCakes118.html
Size

86KB
MD5

bacbdf29d6c0011e1dc659e0a081ed65
SHA1

3593a9d416c568100851894a28cf3111713ec89b
SHA256

b528c637a23b76f4ff2c2eac86ecfff39c9f0d5ec459c9bd9d45308f93e2409e
SHA512

fd571fd0e2d7a53aa43e31b934852510903e8f85b97400a74acec12f218105ee363e4f7c40d4b87ab514be02cc9f980f140c4528cbbdf1a5d83156483d4ee94a
SSDEEP

1536:JC/A/L5ETQul91LT+uHasslRNoduhXp88CB3MrXJr/qPPwGcUoZXmtx:JCA/4l91LT+uHasslRNoduhXp88sMrXG

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
5048	msedge.exe
5048	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 5032	5048	msedge.exe	83
PID 5048 wrote to memory of 5032	5048	msedge.exe	83
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 1536	5048	msedge.exe	84
PID 5048 wrote to memory of 4964	5048	msedge.exe	85
PID 5048 wrote to memory of 4964	5048	msedge.exe	85
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86
PID 5048 wrote to memory of 5040	5048	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\bacbdf29d6c0011e1dc659e0a081ed65_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,749445974139721732,6667406447543892983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
27a048d38e64281048c03d86ee80f63d

SHA1
5eaede72db97f6a25d2f802ef72a94f469df4e1d

SHA256
fd5cc9352d6382cad8a31554852db2ef4af4b4aaaa9f7fd2943fc2fae1e595d8

SHA512
0332c0ad1ab5ee78f0a4fd1a58ddb9a2fd7026df9c9817d8fa395e0a29748e55c510c10583dd5e43234331894eff927d37bf18f88360cc1233c2fd33f1ed774f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a98d2b01c7d8ae6f0f3b7356f400679d

SHA1
9ee5b49cfd6816f5b2834cee956f4e82ec69eb71

SHA256
3c675d01425c49f08ab0ad49b1fb59f8943d39c65d5da1a07dcf1ecb42f1a620

SHA512
946dc0d789f90da415b2f87354df642af73ab70f073c69284a1443d5a0dd17dcf2c5b586ca84c28df9ec3cae07931695058ad02ffdfa67be16d3667d86592587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58f17b0f55c6ef2980e7e498d8896536

SHA1
4dc93ba77cba222c350057d1a0b89a007b477327

SHA256
bcf33c971e6ba35e661b48cbc71668ad7ee568d2d0f52fa45e0b3d2187426411

SHA512
668dd6364774256dfd10c7f883cfd4332c8416a0cb8b3e1973000e0571961bf198b7d257e4625a48281ae87a86535ef5e5c5248a395698f86805d3c096059cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b5895c2db166fb2e090f57ae18a22b0

SHA1
58868c26d546e114eb82db31f6c45b6ee3a6f265

SHA256
81eca5e99c9565e40d2e2a45954f2e893a288f89037e4631a4377aa49fe36bf9

SHA512
00852cd788a34ab51dd5255653eaabbdafb0c1056333f4fb1a0d49a5f652734125c2c26190a49caf080b1de72bfac46ca0abc57dfed502658160f77dc9030de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c735d10d59d71a0175f2bf07cf96844

SHA1
a58159d31d7d73c5fe23730b4165c3c18627884c

SHA256
576466eacd2133939aaa585a4c36a6621de6222771453732e7f487e71dd0d727

SHA512
4eee299a1c194d063575d5a4ffd43e4624158622d0459d269a8a47381d2730ec98412d2e0c4cac1824fe646e8b17ec22e3b0b18157686a2416cd085feb5df582

Download Submit