c14b92ffc50d9aa0d8319767f27df960c6f3acbb5227a28e7b0d62c9bf69e877

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb01fc53a5634c0b7c1fd7df442bca07_JaffaCakes118.html
Size

142KB
MD5

eb01fc53a5634c0b7c1fd7df442bca07
SHA1

4cf00e57827d285bd589009c0cf56c885cea18eb
SHA256

c14b92ffc50d9aa0d8319767f27df960c6f3acbb5227a28e7b0d62c9bf69e877
SHA512

178b9c9ff9fb3a203f0fba45800bd3df1da78a174a21e5488dadcc755c883e94326a79ecb228c60ec30b9ab99cc9e3af45b13ccd25106d8b62b638909c978fd9
SSDEEP

3072:SmXiRSKJx7dyfkMY+BES09JXAnyrZalI+YQ:SmQSKJx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
2356	msedge.exe
2356	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3944	2356	msedge.exe	82
PID 2356 wrote to memory of 3944	2356	msedge.exe	82
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 1716	2356	msedge.exe	83
PID 2356 wrote to memory of 4496	2356	msedge.exe	84
PID 2356 wrote to memory of 4496	2356	msedge.exe	84
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85
PID 2356 wrote to memory of 3744	2356	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb01fc53a5634c0b7c1fd7df442bca07_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8234d46f8,0x7ff8234d4708,0x7ff8234d4718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,363370476281850800,7516751852101317464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb8dd46637e510cacc723f7f0537a4ee

SHA1
d3906b20d761051ae7b33a0b5998ed244586ab59

SHA256
4f596f1c6d81bcc9124fa6b8be3fe2b9f2bd288d4b9edc65a325299e62d20458

SHA512
281fdb9e1349d54b82a986f709cf72b1fc33c9f4067346c9303f0f4c6dc5f2b29528dd525cbd4ffd095fbe0683b3bfdd62bfbfd0cdcdbf834189d5056bc57406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f025da22462c1c0e43a19060ae25496

SHA1
83f5a607ce7e4b3f83ccfd453eb13f114190d510

SHA256
b2e7af8bb58d7e502361dfb12216c9e6a20f424d84f7e9353bf9ec84e4e0604d

SHA512
9e1e5f3870ec01809f630e7f08c8458b0f67925b8576acf2988d588cd3c0524f1aa3ff9e24aacc4efabdac12afd281474da1d3a744ab287295be2cf2ba3cacec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d8e88af5-f13c-43fe-b152-a6438b43ad82.tmp

Filesize
10KB

MD5
068bfaf389eb2e133bdb409190706201

SHA1
9c248f2d94d3fcc390f012df689939c708ee3fe8

SHA256
6890879c7c463ed88258561dc6cde086b5c58f9397acd966a7699872d989d14d

SHA512
5b2de572e606212851be4236255fcee571f55b62ea21ddc8e967884b4a9b5aaab2331f8c26cf56d8ff09272ee861bf06c1fb5c24c31b64223ff9a74f82bdaeb9

Download Submit