4a5c6df519dfd26d983bf0c6af14f9ee87f025b074a6af54bf0e3d88b5dd105c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea770a903df6746449ddfcd1692dc7b6_JaffaCakes118.html
Size

158KB
MD5

ea770a903df6746449ddfcd1692dc7b6
SHA1

cdd553cefbe0282c84d592ac20ffb19dd26fcb2f
SHA256

4a5c6df519dfd26d983bf0c6af14f9ee87f025b074a6af54bf0e3d88b5dd105c
SHA512

9981d0a26fed3592c3544dfcbb8674677fafb0b0268edf1e262f8bd86e896b5bd59346185839e6f282cf95f08aa50917b353471b9d069fae055640e22649461f
SSDEEP

3072:SlyYLr3XyyfkMY+BES09JXAnyrZalI+YQ:SlyYLTX3sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
3088	msedge.exe
3088	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3132	3088	msedge.exe	84
PID 3088 wrote to memory of 3132	3088	msedge.exe	84
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 4488	3088	msedge.exe	85
PID 3088 wrote to memory of 964	3088	msedge.exe	86
PID 3088 wrote to memory of 964	3088	msedge.exe	86
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87
PID 3088 wrote to memory of 2432	3088	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea770a903df6746449ddfcd1692dc7b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa06a46f8,0x7ffaa06a4708,0x7ffaa06a4718
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11484610151478859661,13352158503405419689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07fec54f40ca427dc499febfe25478d5

SHA1
945e0dfd54a68f9c5f52abf72dfe991d4f65dc01

SHA256
b458061c127b68b601b95bb7b2bca87d7bcbf26d6a972e34ee28eada44eb73ae

SHA512
0c92d882068c5ece54b61d03a062d2a1c945a495815b88f2384ff58090ad7163c1549d1ed981f6d334f7f31c0384b81406e5f0bbfe54e1c1789e86871d97530c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49eb34b6b4be00c718e351fa88a7886b

SHA1
0417276781a1433d68b06fc1b4c5a155c145241a

SHA256
8632f8c4c3ea0411acc1bfc31235e42a2f26ed76729dfb40233fb0b10f6228f1

SHA512
d72089e26927795e20a9fdfde09b92facac4efea694e91d0c5d58fd1bf92c9051f08038dafc13feb331a994a77e636f87994a3c1a611c6836e0139ffd0b7ae12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b7dcbea14bf3c8c05bee653298cf6714

SHA1
fa218c37a5ab5a1fc21d964564643dd8151a328e

SHA256
f64d16ad756ef5009ffeefaa9c60d3f9b262a1fa9540a6433ab8da26da58e92b

SHA512
e750505c681804bc86f9962b49e7c49ab7d3f4cbe8179733b5150cf881b443f00c9f8f88c98eb2427247695be41f18bdbde51b9d4979a9967664caf5d641173d

Download Submit