ecd00dc2c351b7396ed1ec8d56a2e837f1241f9493d7ee4d3019503371f181f9

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce4fa0d0513df4fa55630cbf930e6ab1_JaffaCakes118.html
Size

89KB
MD5

ce4fa0d0513df4fa55630cbf930e6ab1
SHA1

21aa6f7fdfac88a295a0e13b95958d8ea80153d5
SHA256

ecd00dc2c351b7396ed1ec8d56a2e837f1241f9493d7ee4d3019503371f181f9
SHA512

b311aa9c475170244980755d525acb1779e27a75be41f950c9089c4a1318cdad6ee1fffd074c0837abe12b43f13a4cb0f95825b952c94661245f4d2ea3cca5ac
SSDEEP

1536:oDD598jv7o+MPgE/YYAiUxGRrWmMr9RKbJdnDbY+VpUasxrsWjTC/:ADeoTExGRrFc9RKlGxe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
1888	msedge.exe
1888	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 3064	1888	msedge.exe	83
PID 1888 wrote to memory of 3064	1888	msedge.exe	83
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 4824	1888	msedge.exe	84
PID 1888 wrote to memory of 948	1888	msedge.exe	85
PID 1888 wrote to memory of 948	1888	msedge.exe	85
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86
PID 1888 wrote to memory of 4388	1888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce4fa0d0513df4fa55630cbf930e6ab1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15516066857712164143,12617118759564416884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\18418d31-03ae-4002-82e8-b7cd3bea2245.tmp

Filesize
10KB

MD5
dac3e9953c193056eb320b4854998514

SHA1
05f6d72c7e6861db602d4a8cfa94fe09c1c20bd7

SHA256
976e97698bda3cbce43d35de5ac68721bc11fc32c89ccab72bc7263c3c9fe50f

SHA512
cb20d0fcc28e5edf8ede973f125f16ee19e7b3af0d04d1615ccb234a916136a568a751419005d2ae2dedca1aa28a037b63f146909d8a9827246e045db5bbfa27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8fae58396a722685003b6e7ae1e574d5

SHA1
debe31ce3ef876cfff9eac029fd1498c67c0ca0a

SHA256
9fe4c29acf429e94f250d95579ebbc5d2d9208e474eb3b1c7c09b83765e5957e

SHA512
8fb4112dfcdeefa381408aa768a9d4353634b1cfb7ec7601e17b56b69dab8e31a84019dd54e399c96e79a63c45acf6854a987dbb7e9e4596d0d58348893646f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78c51d08bc5555016eb0fc2872703cb5

SHA1
b6d9648cf4a92a3c788ddee591bfc2a9cd0811fa

SHA256
d2ce151be2939c18c1d6792287ea54b7df232f8dd0d77e685d1681d1d5bd2408

SHA512
918ae6f2f14767cf56adb6755ab1b4ca4a6e3686a4289d1ea98e9309880d82b6f9cf76f1e4e52ccbdadf482decc1c181d2f5254a1c338f58ecb9c7669fc17e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be3676e35b6b2747fad4f011cfdbc3a9

SHA1
24c184310431b7d8ecf97bdc138ccb67aaf52b61

SHA256
973f9359a2d8daf7a1e2b756b2337ed548d086a2bf5d6585a81302d0dd460af6

SHA512
dd6aa3c7facdf072cef5f5af2ce3f563e45c46216f6fb54568e9adf333d7f06cd90dd63379424cb206ecdc30d3a174b826ae7d2d1e3d2a28771d510c8a8adf1c

Download Submit