db8eee7ddf045cd4ab37aa48eebb1d2a8a17cd469e0a95b6b0df462ea278224c

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef2b03e4704ba74665693a8783afc4d7_JaffaCakes118.html
Size

99KB
MD5

ef2b03e4704ba74665693a8783afc4d7
SHA1

8025231341ae1202ad6f552f329474b8a9ca881e
SHA256

db8eee7ddf045cd4ab37aa48eebb1d2a8a17cd469e0a95b6b0df462ea278224c
SHA512

87a69eb4ffa08ce43689a1e8b6bb178fe01e59502d51de71ebccd311dcd86f2db52081c272992e6dc408c420a88cbce8e32775cb2f65c1aa4ff9b136fa9d65d0
SSDEEP

1536:UV1+B4yz6GWuRAaHaG1WNGaeAS/EQm7xpDG9lE/LIMUmNL4craP4O:C1A1b1WNJeAS/8DDG9lE/sMUmBraP4O

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 2864	940	msedge.exe	82
PID 940 wrote to memory of 2864	940	msedge.exe	82
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2360	940	msedge.exe	83
PID 940 wrote to memory of 2288	940	msedge.exe	84
PID 940 wrote to memory of 2288	940	msedge.exe	84
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85
PID 940 wrote to memory of 4372	940	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ef2b03e4704ba74665693a8783afc4d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5175535364753283317,13872440247558486851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4588 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b42e0dbdbb5e8acab55080e6d1e9676d

SHA1
3fa6a0dfa3dc893528da7d5bb5d921cd61b63b57

SHA256
5b4bf50b28836d8b2fc25068c4d10be3e0daeb023ecab66abf61ddf838df7dfd

SHA512
d87a224d0f99f52f6008a03659d49704ca30df20cca9ce062407903ca5a18a3294942e42b496b19d2e2b762a1448e09d24a3556252620765d3951f730f7aab55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59feb94c277f88c17a33f1bc211da1db

SHA1
9de8152f53909cb57628b0dbaade04042204ad67

SHA256
1b98d001a386481af51d5d4aa15bcf29a681c095c9ebb85c188bd4eef3f1faf9

SHA512
9bb69e1f1db85eaf78a88d26b026c5b1779f1696c4419e74c1874c45b077e7966b024c754656b81ff1bd30c30120800aedd009f7ddcae6afe9fab70111f90952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3a4226651e407d80a41d07d9c20b36d

SHA1
8c7fa23d369ce48bbdbdd887559f3e91c51d7580

SHA256
2722fbb48c6a8cc7e1676198224c8c31c7a0108a27b23b6d9e113781abccb902

SHA512
e3dd9d1c61b0c457bd357dbbd3858d10807af81854f6891b65d3857d1e625308b9959aac9be48342e51a2458ee8aad9d0bf5c973bd04a1ab50d81ce78487ee24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1dc43df2342b0392296f74ee17d7172b

SHA1
4382db206294f2e08a3ea939c97d38949cd40206

SHA256
8aff21db11b46efd88d85b776bc2b8247ba8db790b426d2e98cf46ddec8d99eb

SHA512
d4417966d008f85b3aec73e8acd04891ca335e29d44ae370a8ea63cacb12c35b5060df3a13311e6f37d695ab7d2b2bb6f7eda9f530c109de045e296e4ba184f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
647373ecfbc05c087e1443afc1276e93

SHA1
06a7f021ff49d2526d97aa7c93fefbf04ab76096

SHA256
3831e2f87d8300a1ff2bc14112f361b2e96e33ee628753820739687dee626103

SHA512
9b7a9046b543dbc44c2e2170fed75ce8288116fcd0f2fca89e1b6dd550b08dfb0f48ad77f869d698ba5a191d8d45f9afc57af50239965f45d8d5d06cf56f8f95

Download Submit