98449b4b49c7f303a3f0deece0b48d105d4a7b441cb9f586e572e754619cacd8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daf62671d696b75bebe13c4fd7c410e9_JaffaCakes118.html
Size

102KB
MD5

daf62671d696b75bebe13c4fd7c410e9
SHA1

5190d704bd77828ef8711c21c6bbd70242640c1c
SHA256

98449b4b49c7f303a3f0deece0b48d105d4a7b441cb9f586e572e754619cacd8
SHA512

972e72eb197cc5027e078930a333128838d423828a5c2a9dc4fa477236cbc5f7d64e2c7f4a610041fa5d5ee59e357954aa858022ff926effac5c55a69c692918
SSDEEP

3072:SZy9DWXOsDKHzcHydLwDqdXWhlWDf6EZEVrHxccBN15V:SZnN15V

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
2848	msedge.exe
2848	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1728	2848	msedge.exe	82
PID 2848 wrote to memory of 1728	2848	msedge.exe	82
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 1136	2848	msedge.exe	84
PID 2848 wrote to memory of 4628	2848	msedge.exe	85
PID 2848 wrote to memory of 4628	2848	msedge.exe	85
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86
PID 2848 wrote to memory of 2496	2848	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\daf62671d696b75bebe13c4fd7c410e9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc75f46f8,0x7ffbc75f4708,0x7ffbc75f4718
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,4610269819237235409,6237176479468700487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d16a3e8e57dc6fab0f64c5fce91d3ff

SHA1
86ae4016b8b97d5959d471f741806db3db7037e6

SHA256
9079c7edbaed2a3705a1112d1ee90296bcee4ac8e0705ba267bbecfd9654f4bf

SHA512
f96efce84c4fef181b2d2cd6dc51ab2a7eb3f5442b6e17b69bc0aeb4c9cb6fe36ad5c3a9924e784525d1a32b26a430fd210da6366413f702ccedc94b43f591df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73e3d2d3552c454b3478d6da68a32b37

SHA1
cf043d3425b93eead68204697eadb343c822f14d

SHA256
676180e40cbe7210076dafd2c275086e2bd295597e1a6867156496d7a9dcf30f

SHA512
89ebb4c5d17118384073eb5e09be8c20aa02f9a27afd06c99901cf8643ecda03c97bacf7bc529afbdff3d8e00c73c7ccf6a3226e6d4b2eb6a1a60868527f9638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d337605a7be4672e37e1947ee42f68fd

SHA1
ef1c11912becbd571579672357ab16d4133f5e34

SHA256
d25bf33d8968f3600b4a47a6b7f40f48a9b0a7816911f3140163c0baeb3911cd

SHA512
162568fef21f6507b64d3767c654c68e1d6fbadc474c71660ac0715b0af9621e3f4e3ff627a0504a8045a6118ffe465fe4bbdce95d004d20e9c6d23c608ddc3a

Download Submit