1c14e4aa8a30d82aa2920c58cd1eb28b55ae12734e820367ec91f61fe70f2a98

Analysis

max time kernel
145s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeb76ba3cb9a880001fc88626885cf2c_JaffaCakes118.html
Size

115KB
MD5

eeb76ba3cb9a880001fc88626885cf2c
SHA1

a891067dff87a15231da197d8beee0b8dbfd366c
SHA256

1c14e4aa8a30d82aa2920c58cd1eb28b55ae12734e820367ec91f61fe70f2a98
SHA512

5af68472dd644d930b9bccb0403538b66b7af64953f022d279186265d427ac2a4a562332c25edf27707a3372393985fb007ccdcbcb99dbab771a07018ba121a2
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcPfxHAdwKLOWYqcZhgwOIp:sG0nL5o

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1304	msedge.exe
1304	msedge.exe
2888	msedge.exe
2888	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 1484	2888	msedge.exe	82
PID 2888 wrote to memory of 1484	2888	msedge.exe	82
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 4152	2888	msedge.exe	83
PID 2888 wrote to memory of 1304	2888	msedge.exe	84
PID 2888 wrote to memory of 1304	2888	msedge.exe	84
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85
PID 2888 wrote to memory of 4976	2888	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eeb76ba3cb9a880001fc88626885cf2c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff51c846f8,0x7fff51c84708,0x7fff51c84718
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5676219239335817543,1452645625490131725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83e7aede3358ca4924637ca2dbc64ede

SHA1
55c15b0b936f7a673033b59fc43aa06b8287b804

SHA256
0dca9492243eb89ae43204d2b3b82bca0baa089e143c08769103aa06761189ce

SHA512
404044b74998656aafc481385ceaa68abf0788a660e33ae480e26e836acc3599d2b3976c1b1017e9acb30119a4366b71fd4245cdd5cb135cd2e16841b647796d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a63a4700f189699e76c0bb33d6396cf7

SHA1
f0a41bbd45d337fcb47bfb785a35200456e04d01

SHA256
27cb08412866cc37c20da969da50b1f637325121ec1aba2c101ab4d1cce4712f

SHA512
d5975c160b448423f170ee4da09a23326f0a52710fb52860d541ec3449e50cd13749490999eb4935bcb29670eee070aea93ceba99fc8356553a620cd01e31aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
010088ea8f516e99c1b7a7b9f7e41cde

SHA1
50f22d80e856d2dd9113b1cfb3d5c00161518e35

SHA256
7139d4701bbc0f3bb84bb335512dbb47ef0825338953963268975143c6e0e47a

SHA512
262995547a25698a7694657567032e3b217da10fe953e7767403121b2a7d86c050db0fdfbadb2d0e479a423c971fe5a6b9a7279031f9b684bd260013264aca5d

Download Submit