7589d79d87f790b0cb70c0205c1460429e693b53d9faa9ce19019a7732b19e94

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eb3f9fd360d6edccaf386e621f5ae75d_JaffaCakes118.html
Size

8KB
MD5

eb3f9fd360d6edccaf386e621f5ae75d
SHA1

0306f59be80446fc7f86d3518d314932ecb9ff7c
SHA256

7589d79d87f790b0cb70c0205c1460429e693b53d9faa9ce19019a7732b19e94
SHA512

ff7e67e82854f1f67a161103f9e6f4862558c2411f439167903faf6fe83e2234c9f5a41c425e7863207f4365da00f998225d7a9f6463b9a5ae1c288ff54992bd
SSDEEP

192:6aarTw3bHLZnuq6CXugU0NIXzyI60/H51+LhkDckz1Yv6I:6aoTw3bHNuq6CXu70NID3r2QxYvF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
4028	msedge.exe
4028	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 628	4028	msedge.exe	82
PID 4028 wrote to memory of 628	4028	msedge.exe	82
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 1696	4028	msedge.exe	83
PID 4028 wrote to memory of 2136	4028	msedge.exe	84
PID 4028 wrote to memory of 2136	4028	msedge.exe	84
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85
PID 4028 wrote to memory of 3872	4028	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb3f9fd360d6edccaf386e621f5ae75d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6553297037254938439,16483025967577529873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9425d79d18bd76a25252c9de8b3056f4

SHA1
77e684f0f26edc53ac53436e34e1220ce79c652c

SHA256
731904d69c47034167f007b337cbed6aeef569076a784e863778fa55375264dc

SHA512
f57e9c546637acef5af5550abbd0835ca969c0a153bc9dd479ee820bd90405ae353b4e86b470abdb8721d47807ad55a7880c31971564139c809400abf46f12b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
5cae9ca8da8fb081af3d02293c79324d

SHA1
c9cb2e841b7107701c0e7cd1750d9f38ad23d15e

SHA256
4e2d950b6e8b500571f2b938e028155e0416d4789702a2add3cbf64e201cc6d2

SHA512
8f6532b87708af6739080a66499f883abaded87239442542a411d083ed62eea98545a4f13dc6f48c462dff96cabdfaf1d99db6d4fd608ffd4c99a0c0c882166d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db8acdf7d97bd0bea94da14bd7606342

SHA1
844a12c6a92d53ff4d35f20e9c04607f8775a031

SHA256
ad5a51a420aea51f0d1f1baae064c91eb033a3f52947d9483e28e82c8ffe36bf

SHA512
67617242df57e78a46303f5e22be4762bd0859eed0688cee6b1a00be5fe1511d076e991295061ec0099e5a07ed3d74b0f1acb9e6e8939c157ecba28308e4f8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
081f72b4596363ac62c185fded2907f2

SHA1
31170f044b870b7148b68c8e22ac91af13d54220

SHA256
ae6c004934f95ec8a253f33386edeb322b051253c30119fe26e0d4c4774ec7d4

SHA512
dfef7a6db2c01ce7fd5fef3da511160ad8ff38c84e6bacb8db4d40c293d5e0d26b2d42908fedd53363149c2396fcdba2a00dc5bdb6aa4000739bb655a8856c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a9dea22243a5d00a3998724207c8dbc

SHA1
0da7dad9e2bbabfeaa8b88b0294971f8f70cde75

SHA256
87e124ab1982e554c37f844e36ba634e27dba9849f3a0ffd6b7ea92ba8c432f0

SHA512
ee9e486e3f51cd2b1ea5a12a1120634954a66d377e37cb121d77db73d7472d2ede6703bf058f4389af05b66d5af59a5999cee0c3bac9db8c4ee927bf90e854a7

Download Submit