38fda8e636f02a7d28d4152ab267bf0ee474e58ced2912573bb5eec13c44056a

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea878996c24784043c1b483fa5ec1c17_JaffaCakes118.html
Size

139KB
MD5

ea878996c24784043c1b483fa5ec1c17
SHA1

48ba8411092e54276b52d13b0b7a29181345e651
SHA256

38fda8e636f02a7d28d4152ab267bf0ee474e58ced2912573bb5eec13c44056a
SHA512

50f214ae1ded5ebbf4881a2bce8144ac63e44869cc1939c6c08bd68a5ac29ea067c35d1c581f703a63ceac31c7e63a02f0e5f376a974f7355eb25b83385ddac4
SSDEEP

1536:SQFNyR4X5qluwuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SQF8swuyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
1132	msedge.exe
1132	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2880	1132	msedge.exe	82
PID 1132 wrote to memory of 2880	1132	msedge.exe	82
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 3520	1132	msedge.exe	83
PID 1132 wrote to memory of 516	1132	msedge.exe	84
PID 1132 wrote to memory of 516	1132	msedge.exe	84
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85
PID 1132 wrote to memory of 404	1132	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea878996c24784043c1b483fa5ec1c17_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9545846f8,0x7ff954584708,0x7ff954584718
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1923636293315535963,10619711824754140974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b802e2c99f93cf8e836e10f781fa2527

SHA1
e8b90b1fa2d7de786269e33a928ee8be71a5c41d

SHA256
289aa6f2288b186552aaec89d745636bb6530c81e10d35a4475f8ff391660e57

SHA512
195a19b975b1b734d48829275663d53b29ed060f0700ef89f10edd6be3652b7fd43b8ab3a12f3104531bba4117f164781156b3317fa64963194e39e8f15e7520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a2417cff83eae87f220d9dc59ff8de8

SHA1
633fa87ef2aab7a85637a017ac3dc6e69c8d2bdc

SHA256
17e3102d9f5a5de764a162db1ba762781aae13cce4923bb5fb3a962741f1112e

SHA512
921a5d4b73e12f586413da41404cfef86c1e51e97a21fa2b520a7be144f1c86aaf0d0e78310b8f16106eecef4471433623dbd907ade61585a1c6241ff212a1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9e011bf0811f36369389d3ee0914e9e2

SHA1
7008b142f9e4b70dd9e4662959c9d7b58f44ea3b

SHA256
8364350c0ab33cb011eca1dae7893b58cc6055d4bbe8fdc3faf9aabc696e4345

SHA512
a992cfacbf90f4deb94145b6828a4a237cb880ae6d5ca99667fe110f6e2ae06610df7f02684978385ab2b2a7ba0901388736cc86b59f05cda0a36ddf66fa5d5f

Download Submit