afefbbff19a1f068c96e142ff00a4ce371a185ae99068c24550736031670e9ca

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac247e094c9cc1d3c2ce1a83bf1e42c_JaffaCakes118.html
Size

159KB
MD5

eac247e094c9cc1d3c2ce1a83bf1e42c
SHA1

1e8720aea4f6b66642c965fa14a5f709bff85040
SHA256

afefbbff19a1f068c96e142ff00a4ce371a185ae99068c24550736031670e9ca
SHA512

c14c6a2a8ccdc8ba55372f25f15949c46c2602d1afffa6224dedc81de66827d81d65dd37ed1df103f56ec3e6ef597571e1a19181e68091725a7b9bdec87f737a
SSDEEP

1536:SuKDqSCuZl07lDaInCyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:SuSZl0RsyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4424	msedge.exe
4424	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 1984	4424	msedge.exe	81
PID 4424 wrote to memory of 1984	4424	msedge.exe	81
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 3908	4424	msedge.exe	82
PID 4424 wrote to memory of 4216	4424	msedge.exe	83
PID 4424 wrote to memory of 4216	4424	msedge.exe	83
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84
PID 4424 wrote to memory of 4544	4424	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac247e094c9cc1d3c2ce1a83bf1e42c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12539141470920066104,11681415465635120189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62906249a8074d15ab6bc38d76b8b8db

SHA1
d115e34b56d307fb7c2824e72dfd63c9038b94ec

SHA256
5bd838ffdd60c5a9ea68dde2846ed704883e8eb58115d7f95d0b3389ca4be2ce

SHA512
311b3407f8c2f070c4a86dca708af8448e453557dd91f9c988457191aeb6de02bad9ff2151d0ce5ff626c12d9f891b95ac36876b029040672ce6167d6e338f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6192cb19c7a8e66a71abb525a0d4d39a

SHA1
ab7ecded914fb39131bec3effcc0293b85ac260d

SHA256
6e1fd26c1a490f07bc71f8119fbdbfa65e7e17a211a8a583af39da012a2b9ad9

SHA512
9578423eff6f38bdad130012717b0bdd143cdf55971eef629fb61462c58fe800331d34420affa84b555c781e2f7f76b2024d6dbc10535bed0043e104dc4fa353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63b32a812afb587070576e068900d0e0

SHA1
c34f01912978bb284ed3664c8c818a0c16893de5

SHA256
9e3372570065cac2cf163856ba942a9a194279fec34228a2a028d797502ff34f

SHA512
29f152f264fa2727c4f8e0cd8adaa552fed91fd269683c8a0516a19e2d90605cb9895fdbe526399362bd697739aa5a180ce0c58538242184a0e2cbd38a7c0998

Download Submit