51707ddc01d05e24af552bfdd83863be8aa0e3d4b461da09991f9e5a46e05d0f

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa4cf558ec1f22db9304a516dc9c6de_JaffaCakes118.html
Size

172KB
MD5

eaa4cf558ec1f22db9304a516dc9c6de
SHA1

024763f8d742446985225c161870bebc5ff1d98a
SHA256

51707ddc01d05e24af552bfdd83863be8aa0e3d4b461da09991f9e5a46e05d0f
SHA512

3ea8261b566bbeed762d09390825261545483dddfe3698dce4ba8878607ffe9f3eed9c95dd75d9e8829636da6b387f53be56cc445bf5bca112cf59c6bca05f42
SSDEEP

3072:W7HWuyy5FwZc80PLK8qpAVt1EfX5hbfq0QFj0DQC0:6quCPvnSV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1656	msedge.exe
1656	msedge.exe
684	msedge.exe
684	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 2600	684	msedge.exe	82
PID 684 wrote to memory of 2600	684	msedge.exe	82
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 4404	684	msedge.exe	83
PID 684 wrote to memory of 1656	684	msedge.exe	84
PID 684 wrote to memory of 1656	684	msedge.exe	84
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaa4cf558ec1f22db9304a516dc9c6de_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe318f46f8,0x7ffe318f4708,0x7ffe318f4718
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4925035617805565873,6383298015003076807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
913B

MD5
ed260d35871eddb9bbad76afb04be600

SHA1
4c1bedd77c2273a06e61cd3deb3432ccf65404ab

SHA256
dba0434b4bc9976fe0f881e411e9787586cb02221d3846d2bf1479126ee71ac2

SHA512
c1f2a94ec36ecf0cf398b745c62353ca53c57f009217ca6b3d1d7ad33909db0640c96b0a174badc180f656f080e2aa320a2f3dbc0ca98cae409ab2cc38eaaca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c827853592d5b5fcaf35a870ccf3b011

SHA1
a67f8229abe3d497dc98733cae990633275af812

SHA256
d7a2240f8f05a649ba139f4ed83bf857a27544c5c341fd887ce52721c9de32da

SHA512
af6699f2609b228cc05b4d957459424d0f5678fc82793578998ea2aba12b1eaf3fe95271bdbda33f8e9ab20569e5eea91b9ba4d18e4eb3fb5d100adaa8ba6467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b952c5e90bd27df2028d54b50724d75

SHA1
0244af6a6a0a98ebf5ebc7a5c529371dcc230618

SHA256
9018e353c85f383755febc8cfba0dec5d2b2cacbd3fe97e1f7edbfb367c2e9cb

SHA512
f7aad1065ab3f989887769d6a3a0162aa41c1037ee3163f1a6de737e4247a57290b39a28498a4ebf5531ba56135dcccb6dfe60cada4434c34d14c911f5bba667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d68cbc72f3a1b987e3229af35625475

SHA1
3c2b718b534f172bdc4d81c2f55f47fc802e0cb6

SHA256
a853c51a8d33c1b748f674db0ca98418cc1c546e0f24702d27341136b3e752d2

SHA512
aaaa19bb9fc25c42361ee7607d77b8eeec2a8ccbbc3b5020ded7d58bb70cbec7a4ec1cd7cd60f96b58bd9c68c62fc10e7d7141215509785c0d234fe5208f0f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3e90a6f90f9ae9095dbcde2a26b7edf3

SHA1
1834dea46bec8225a1263d49dfe3c86c1751edff

SHA256
19e6f281c188a37aee23672388a8a139e436dd4eea4bfe53b77c7e20a4d249d2

SHA512
e41c1624ebfadea13a57d67ea8f320b2f95d3ea2da790843094bc752ad1d18a10a8836d1b85683c20cb4da68681c4860699b9dd7a660d8c34576aea01ebea785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583ee8.TMP

Filesize
539B

MD5
67a6dea66df2af1109aa7cfb2fe108c8

SHA1
ea95a1d139146cd28c5a43e0a7877e8969b8aaeb

SHA256
c6923314f2148080436742260d137e6db316a9358e4c9ae13519e1cff2596d13

SHA512
312bfd6582657d1f018a0331b803bb6fd0a6862e5435a79d8ae08eaeb184bee45c128ad3bf043e2638de32dc4b32bded0c5803711816210aeb4dbec6fa6fea51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46c7418b296cced9412d695442a76846

SHA1
8b4977b897173288edacdc9a14b75fb48554c2ac

SHA256
5541d2ae7b3c69b9f62662ccb6e020597061a5c5e9300e4167b1835e99dec1e3

SHA512
41fdf6343c344aa3d842337140c6de4fcd93ff15009f0d604ef4507f26b27e5efdbf0a6a9bee55966725abfa984870cce19f0f06ea2c24d3b354fe0d129ca637

Download Submit