d12b1c31c3ac3aaa2b57f2f94f4af59ed33390a881738d85cfe57f43264eaf47

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac03f2234c586762c07c68c89b21f3e_JaffaCakes118.html
Size

309KB
MD5

eac03f2234c586762c07c68c89b21f3e
SHA1

3490f232c0a412e928dc6bb1fbb6d1b14a73ffda
SHA256

d12b1c31c3ac3aaa2b57f2f94f4af59ed33390a881738d85cfe57f43264eaf47
SHA512

455e37a1fc5b25ca3f4ce664ef77a9230fd9fbefd4d46477b80db091e20dabd3746fdb6269ba1beee6e10fa0aad456fa5980874f01724803411ca91b33b29284
SSDEEP

3072:q53D/kfrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:4ozz9VxLY7iAVLTBQJl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
712	msedge.exe
712	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
712	msedge.exe
712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 3844	712	msedge.exe	82
PID 712 wrote to memory of 3844	712	msedge.exe	82
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4116	712	msedge.exe	83
PID 712 wrote to memory of 4008	712	msedge.exe	84
PID 712 wrote to memory of 4008	712	msedge.exe	84
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85
PID 712 wrote to memory of 976	712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac03f2234c586762c07c68c89b21f3e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83db846f8,0x7ff83db84708,0x7ff83db84718
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,584835810445299580,2194058172327698814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
252B

MD5
468fc10540b5d317804fb8d89c1b4de1

SHA1
f76a8ee58f69b084d9139d7deaadca7287639093

SHA256
93b4a91097dab1c5b8140ecf877bc8665b11249c8f0c2b191d1da7ccc21b7a32

SHA512
54659e0208d127ac05c7b8d22b44f9e4d3735d8d7ceade94aafe2c3672edc149c30401e599971622d6e364b293059bca31c24802bdc42b0012977c9f6ee95cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9401b4c64fdffd8f7596cec03ccb2fd

SHA1
4a2d9e8a59c3715d6b6179fe07ebcf92e361f72f

SHA256
6c312a6204ba5a337cc5c5c8e3efffd5cdd0e8df25c07c2b2bc25642880d2a9a

SHA512
64e25a5870352c4d5364c29dbee0e1f3dbdea4eb089652e746ea94b3c9c863f6f070dfff4c5114f0828314da7d95b656b2847644c293fdd79ef42e33dcfe2cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
beae82bb58e4550d190efe8699de7566

SHA1
3432b4228cb2c2916dcff3bdeff634a3c942e9b4

SHA256
035bb33a00a30bdbdecc05b2f6078de0691d1b5958406fba05a4eb14dc04a23d

SHA512
8e1642f84305adab79f8cdd3d31ec04c15f0ef773628e9fa63be8d2259f6c2cd56007b26db13d91c4444d575849b144cbdb11031ce5187c071e8b430c5c82ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdef24795f5d45466c69d6b2903ee631

SHA1
5825190d2a29b82d67a21582577a827aeeefed80

SHA256
3554d115fd643636c6ba5590f04d205f0895285d6d05d2d10ba4ca5b347fde84

SHA512
1ec5fe72ba172d59ab8a224f8b7eafd7f3263fed75a18fcaf89d3b24a5f3ff0881dd333f33270d6f56cf3c7a178dcef4154f2b3214ff060c85e2624bd4527d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
49f04f501df4d7687cced87aeb91ed2b

SHA1
4cd3ee39ec9333e0e5dcf0edfe3d92754b2412d5

SHA256
afea8137b0efe04c35679ff3668369f949dd755b6d8506be13560782b213c2d5

SHA512
949da4c56ec6560f4ae94f93472fe003de5eca1b3fa557ba4333692c9beb8064839c063deed02d756f3e81dfd3bb604e636aa6b74d1cb92f9a5431a78cafe27a

Download Submit