73766d98f6fecf48a9700e64f34137e9c48a51a6ae5975171601a8f09cf68b7f

Analysis

max time kernel
120s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc8094ab8af4d1fb0b2489f66d244ea5_JaffaCakes118.html
Size

18KB
MD5

dc8094ab8af4d1fb0b2489f66d244ea5
SHA1

eabe5d5bd874256339059ddc8aa1f7d9f1b93bfa
SHA256

73766d98f6fecf48a9700e64f34137e9c48a51a6ae5975171601a8f09cf68b7f
SHA512

331c0988ba4e2514ecf182d51c2b285f26d6dff41ce7b43529c2da7bc2468b9fc89bb6c0d4895937a62275a65177e33db4113cd680d1c2e4909c9669b6fad6a6
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIk4+zUnjBhS082qDB8:SIMd0I5nO9H3svS3xDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
452	msedge.exe
452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3460	452	msedge.exe	83
PID 452 wrote to memory of 3460	452	msedge.exe	83
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 1344	452	msedge.exe	84
PID 452 wrote to memory of 5056	452	msedge.exe	85
PID 452 wrote to memory of 5056	452	msedge.exe	85
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86
PID 452 wrote to memory of 4352	452	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc8094ab8af4d1fb0b2489f66d244ea5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff874146f8,0x7fff87414708,0x7fff87414718
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13289045240552418802,7881837318871602377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
debbd97e4295e60c3bf9a5242358ca72

SHA1
bd6accc80ee7ec8d552264f850066d95e72c9f45

SHA256
e0e8783f63570fc47536b584181dce0614a29b9f6526fbb34f44a2e868456a6a

SHA512
a11e6e9bec88803c1688079b71ddfe8f289827d87317b1d2fd0403c5301bd42624c7d463a115255a45685cc288e4c40ba38a6aeeb48541204860317aa0d76d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a27afe7b70246ed127746ade93897180

SHA1
9e632f8344fe3ed95a4ebeb9a19a5542a53530ce

SHA256
fe9fa202ba5ad03d9a27955ec3e09c539abdb7b446da4ba1caefcbf31f189910

SHA512
ed3b9702a9680a0f277cd2003c4ec90afb8c7bba2393658113f0be7b7486d4e26b44053d3efb9c0fcc4c6bd757c7451fc81a69f281f95a1f65af49ba38b90b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9343bf8566f412641d489bb34a76d1c0

SHA1
babfbdb8f60d49f46f19ad14f8c07f1033fae7a6

SHA256
f3a13827932084d5fb6568a05b130e2686c1b9dda4f36230897e3301694b1965

SHA512
16331bee9e0896c7839ef2d0eb17ef7fcf14f5a9f44f9db104ab1cd141357972cfec663f50423088b68c7dc7e003985bd3c899b34544e4d7f80a645bc7813d07

Download Submit