571da6a8aa8288b30efb3e9b5ea7ea0f95f0d402f19daa606f73d926ba82cd1d

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac4f542a0f70845d77bcd890e960950_JaffaCakes118.html
Size

8KB
MD5

eac4f542a0f70845d77bcd890e960950
SHA1

fca227bd22b3a0ba1a524e73215ec16cd619d889
SHA256

571da6a8aa8288b30efb3e9b5ea7ea0f95f0d402f19daa606f73d926ba82cd1d
SHA512

6befaf13afd548b74892617bd59e0db05104bed70e9d69894f710f0824cdf5a66b03b5f61ebd64277d938e46a6e59bac697f53bc9afe448e32639041d2717ba3
SSDEEP

96:A2KUt4RbR+5Ak/jftfHSHB+cNlKf7cSdv7gAj4RbR+25JzEGcf6T4tJRDPGmNI:A5UeRd+hjlyHAcNM7nCRd+iE7RD5NI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3516	msedge.exe
3516	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 3584	3516	msedge.exe	81
PID 3516 wrote to memory of 3584	3516	msedge.exe	81
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 2784	3516	msedge.exe	82
PID 3516 wrote to memory of 3352	3516	msedge.exe	83
PID 3516 wrote to memory of 3352	3516	msedge.exe	83
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84
PID 3516 wrote to memory of 2264	3516	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac4f542a0f70845d77bcd890e960950_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb579346f8,0x7ffb57934708,0x7ffb57934718
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,16148667104737485192,15031504331464993016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
f59ce409fe24c487e573485105620676

SHA1
a3e8639c7ae3d4f239d23ce950d460a51e4fe215

SHA256
0495cf733424de7c910e1d9e08932a7970d951607940baafe2c4cc50cdaccffc

SHA512
71aad5b47d931143bf27bcdbfc85a8d5505c02f71fa8093b6943c756bbf6661986f0eb3e170c41c20c01e680ceee7754f1cf721d8d8619919c9af8b007326bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38dd48806fb9f81b81d2a571a7e35e99

SHA1
427b4ce42601c2fbfdd08813d02dbb360191f1c0

SHA256
8fa51b7defd00da53b48b31ddd6f5ae0fe9b92279b499d337e2ba5e4d7ccdb6a

SHA512
794bde6b0f86cd1deb59acefc0828c2d19f4cfc50eb4d2a057ca8f54f4f8b949be25a4aaa9467fc8f1cfdaf44f90bbed25482addf1636a0459205653d32fcfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f6e527a2de52ac16d854f87a376f35a

SHA1
11c466ee1da431e237592eb3366f73b9958ec8c9

SHA256
bdd6ac82bf4245b6e127b8187e38af325ed8e0d2be97fcb2b63f52be04c21cfa

SHA512
019466a92cb086216a4408281fd229eeeae480170e458e45cac6d5fad8504783710b1e886d85d35a1bfca7c87b7480637c1b4e60a4abe2f76b5317f022433638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
629c0bc8517c8a57c60426f96bc9c79e

SHA1
793168f4c0229b07cfe72d5e4d7a5e97514de3a7

SHA256
119203eae7470e978cb8e9bc5f706d79a49dba178da1940f246cb5d3728d1920

SHA512
eb1e148a0be139487193290ce95d825229106d04e72d80087e960581a99d02543c2b04d77f2f7d02dd354879a652627fd23d19fb84cd3fd7266121ad17f5e397

Download Submit