c51c8e1ceaa7460455fe5fca16a2bb5e1edf36a598464e64ff061a8ea524fca2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e070eef046f222cf7e175a6291b7baa0_JaffaCakes118.html
Size

138KB
MD5

e070eef046f222cf7e175a6291b7baa0
SHA1

7d6382dee6f5abf0519a43bd2929a3ca6e4f52e4
SHA256

c51c8e1ceaa7460455fe5fca16a2bb5e1edf36a598464e64ff061a8ea524fca2
SHA512

5a9b038d66f1793535d57032cc7747e2e365b07e027196b445f508a5390d6b9455ae6fd5ac00b2c789b4c0db49c72ce0199d3d452c756ef6202edd95c665763e
SSDEEP

1536:SvXZlCMfZlgHyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SvJvmyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
2752	msedge.exe
2752	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 3524	2752	msedge.exe	83
PID 2752 wrote to memory of 3524	2752	msedge.exe	83
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 5108	2752	msedge.exe	84
PID 2752 wrote to memory of 1748	2752	msedge.exe	85
PID 2752 wrote to memory of 1748	2752	msedge.exe	85
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86
PID 2752 wrote to memory of 3080	2752	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e070eef046f222cf7e175a6291b7baa0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd171146f8,0x7ffd17114708,0x7ffd17114718
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17762242602198765822,4835682482595095883,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b39d768b1812f4666291df7720c5ded8

SHA1
13860c46b058dc57fedbc90b1c5a8535066e5560

SHA256
586ea7654321151e9869e9d1d492453634961f0c2ac7185e31fee14db4b52b6d

SHA512
4ee7693ee59bdd32361f106f76a48283cea17493dfded2dd60cf9df7a1643b60c8509b9a95ade71b1e55bc5dca7a45bc8ead5e23c7ea4aedbf39ce5911747f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d49325c3d041c0adde8118c50491c47

SHA1
0410f790f0df5ca1ebd65e2aa8eab6429b375c9b

SHA256
35dd849ad4da22c3f8bc1aa97bc995e87ae8a48b8fa720c09a3fcf958a016c84

SHA512
bbc00b1da9f6f3f564807932dad9e1e02f3c4672c8987be25a38a0bf7f69ac3469af54e952bfa987532eb6abb5d95cfb2592c4b0899b8a5c6468b0ffff459a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9584e646607ed4ae7c910c5ba95f341

SHA1
cda400f3f934e2ec870cbfad22b079195a0894d2

SHA256
0a0c78fe2ec2a1f599d048b77febbd4ff7acfafdd002ff5e89cd1cedb3bca13e

SHA512
1b63d58c440ff873b6a4ae466c7da2e70d44a79d54864e7c0c1c930a3afbb98a88332bfa2592ad50a065f48550eaca5299677eae4f4c1003e191c6afc67899b4

Download Submit