abd3253e3c0f87fad7535435138f5a97f717b4fd6c918e2d707554490c2b623a

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea84b9acd34a0893eb54bab10b19cfa7_JaffaCakes118.html
Size

52KB
MD5

ea84b9acd34a0893eb54bab10b19cfa7
SHA1

1d16a23c052b968c7e08778d668d5476eeb08bef
SHA256

abd3253e3c0f87fad7535435138f5a97f717b4fd6c918e2d707554490c2b623a
SHA512

2237e68253804429aacb4f161d8f959b9c83838da57011ad9f137957ab680010296bf5c8359f5b65b0a1b5a688770a8fb72be4695afad5e2407b26c38ba7ad3d
SSDEEP

1536:Zs0zZuOe5y0ghNxgefN3MU39DMglNJfXwJ0:m7Oe5LgeefR9Dt+J0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711909820494335"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{00E2D77C-D9B3-4233-8023-8F5BA94A8722}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 4756	1908	msedge.exe	104
PID 1908 wrote to memory of 4756	1908	msedge.exe	104
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 3928	1908	msedge.exe	105
PID 1908 wrote to memory of 4444	1908	msedge.exe	106
PID 1908 wrote to memory of 4444	1908	msedge.exe	106
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107
PID 1908 wrote to memory of 2580	1908	msedge.exe	107

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea84b9acd34a0893eb54bab10b19cfa7_JaffaCakes118.html
1⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1288,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:1
1⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4032,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:1
1⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5420,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
1⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5460,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
1⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5592,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ff9c6fbd198,0x7ff9c6fbd1a4,0x7ff9c6fbd1b0
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2328,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1980,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2240,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4488,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4488,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4588,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=3952,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3596,i,4835854769027763078,11395402867836962580,262144 --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:8
  2⤵
  PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9a8a59bf-e2ea-4747-9d6c-87bbae8ccf5d.tmp

Filesize
53KB

MD5
995ca86b2773b724a73a6b3d45ca0899

SHA1
ac2b4fd7b51ad6546f42802732f31c4d2b7ea65c

SHA256
4e05dd6e592ad307364dd0d05f17f1b0d94ac2240c0cec444954fab8e2d681e9

SHA512
a70eeecc95e9f2d6059dceb1443a329d846196c87e1ba5bbd8e93ec573e816160cee33fbe54c6e94487203eeebdfd5c74a1e6cdc53dfc2c548907e5ba4709f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c3bb51b2f26f736cc6f1564c84943b2f

SHA1
e83a48c82c0711e3fab26f7022d95d2b0cc5f736

SHA256
c2b2c3faf9061c81f97c9a43ad04cf2d2f35911d470d1cca4050f011e439fde7

SHA512
8e50f0d1813db33603400e0c8ef8a97e38a60b38743aca6e1cdbece29ba748f6f63e2a93acfcd2d6d811d9417455ba939f3b2abe6a9a95d73b43fdffd7293d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
f302e7661f0fc7201aec446cebdb0612

SHA1
cbd3a7fadcd108e572cc1428ad93183a02ee86d3

SHA256
f7f52d6579f08193a35cf86563eeb797a78ab53e99de9a5c9c722561a311da6d

SHA512
d13a0c3e737c318ef3d74e1b93d8930ea60b5baab258b09a14489a664716750f39beb28992fbab4e9110d501d39465ee23e8b8d5c933ea21d1015e0ed75f9417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
04b91b94c89966e53b242281d9f66fa9

SHA1
82bca1b5096e5c303a97cf84d52961526b2f62fc

SHA256
5c12e3e7f43b31f971fe061bbcb4d3f72689aa6282cf915d56dba97d01ee61a1

SHA512
fea0a01f27f6e43c8d4b43ab07b6698853c5663413c2932d5439fc900817f95b66af222c6b4e2df3e51cbe507edf029e10b3993ebe0d0d301912dafb46026158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
11e2e5f3305f6af44921e83191031390

SHA1
cd105498ebdb71b05d4a7292b7f15a4367f65a47

SHA256
bab806821c083a06ab562a639004f4f6a8776c84c79def40a0233e2d6f08e78b

SHA512
08b76cf6586e0f2ab7950f4d18c31f4c91c886352ac03df0f912526b146eaed3411d28ebb7da6a7a4168b9edf955a54322c8f2420ea75ce287a6799ce7a7a25f

Download Submit