3d4a98014836bc6b887287bca0a3da2ce85606198ac970e1e477cf58faeecc00

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc87f553b018f6fee9b9ee3d792cf9ed_JaffaCakes118.html
Size

55KB
MD5

fc87f553b018f6fee9b9ee3d792cf9ed
SHA1

805af916030f34d3db23a590b1ecfc81c5f6978a
SHA256

3d4a98014836bc6b887287bca0a3da2ce85606198ac970e1e477cf58faeecc00
SHA512

811eff221023980d0cf4eafe793299ed2645c641b02ec577a9747da4a5db4ae88c48efde9371b837f9da98ea3619a24f24c96de13feb4b39321f824ac7dc937d
SSDEEP

768:9SoHX5ZPVCTo0FX0gWQX47hXSwY/z/AymtK995AJ/Q3tx+4XK298+:9SoHXQTo0FXSQX4dFHK3tg4XV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
364	msedge.exe
364	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 4212	364	msedge.exe	83
PID 364 wrote to memory of 4212	364	msedge.exe	83
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1476	364	msedge.exe	84
PID 364 wrote to memory of 1048	364	msedge.exe	85
PID 364 wrote to memory of 1048	364	msedge.exe	85
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86
PID 364 wrote to memory of 2020	364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fc87f553b018f6fee9b9ee3d792cf9ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9970546f8,0x7ff997054708,0x7ff997054718
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15925685136696201492,12287949437615404083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
34a60470a6bc047cd60213ec50fbe827

SHA1
a83c088f41ace3341342e4578fb6f3e219b63d4e

SHA256
ac51de8303e74829bae7197b882fa3600bf3d0d0ca96a8d1530da4ad05c04c35

SHA512
4f1a91c0a4112e1804be52a75188582a97c18540e3da3f3b578fcc2b0bcf4d9da1a3855fc9d2eda1d3a41751463c44b4eb651497ecb730a372fde7990f3c0c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9e944d62b9e137039ead6897f8114fa6

SHA1
4f07bd89cefcd3c9404b8586d19ae5cf326c064b

SHA256
6b2280ec2128325b802df61dd6a72df8d250a598c7b707f9855c0a6eb2a9e46a

SHA512
37a6f7c407c683696a484c20c6eead11e25c943dae456f85c9f08440cbe052627b9cb40d32da782cb63783911fa7ae3cdeef6e07359274d52dcdb7772ced4047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1543deec537c54f3b99f1e8326de3d1a

SHA1
20bee75d8c1cf53ce34972f108af2a1d8d911354

SHA256
9025806cd92cd88eb243d1369224cb6b42c09f73e7a2ffff15ba871a6fb9a65f

SHA512
8bfe9e4c440cb9210665a0c75818fcc5acdaffbdf845c97d5ac76d7b3f97aaa1573ebb6a95b8330c076d7106d53bcce9bd8bd31e1f6176f6fe2cb3a3ebca716f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0965b09d51083f294f28937b695fea9

SHA1
43a1fee643895f03f2f881ac0c58c7c7df912a4e

SHA256
49656d3b16e114daa4954f9a2a7e939854126bc9a1ea30ceafc46e72b996db8a

SHA512
6bf935b7184460fdca6b212361c25e9cb2dc04926796680f2f8ee6a404aa4b37828dbaf3d4fdc4a30ba3bcb60901a1cd8b74fcea3c5f4b9968df487897aee9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
432146488d689edf0dc7e0913e91975d

SHA1
38044f2231448788017d479b3326e3b2f2c5006d

SHA256
c2e3ecdf3ada398a1e0a0fa49ecca127d800e6ff1c12d309cd54b6f5cd0e12f0

SHA512
08b80af59dc947ec99a3dfb4f34e7e98eb654dcbd86bf5eec150942569d40d7f4b5ba2cf675cd3d16c6bf5a02e5228d172cad686ca76ae78ad272358a86945e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2a772de26d5a82cf5c04a4da1570a4a

SHA1
4f7b3d939883c507756dfe3bd09982dd3b905aba

SHA256
25947f918aeef13678220d3830ab35de5c62c42aad3572f1f67c5eb9a5a20745

SHA512
af98a2cbee60059e2ba189253388f03d706737b7f0f49774888066d1fd385dd1d001761564a0af17d18f85c3ded1147c3600ee0433f5997ede821f93a5caba71

Download Submit