91897b3fbf6dcbdeb8c93ec724bfb22949795b9928f9f3cdcd80b72a5420a436

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef2bd406071f118b92825cb96c00937b_JaffaCakes118.html
Size

156KB
MD5

ef2bd406071f118b92825cb96c00937b
SHA1

738a33f719d3d6121bea3b98c0d686066cb2b5f1
SHA256

91897b3fbf6dcbdeb8c93ec724bfb22949795b9928f9f3cdcd80b72a5420a436
SHA512

3913842d17a20b0ea6967449fbf131924bc146bbfeba78a49bfb76ce388a1ba5d90657a6be37d49c6d158dbca0ab3f96967f160793f62d0838f70d05de1c18b7
SSDEEP

3072:X9HSU3DKUP13G4k5QhLpOatViH0hv6Qta2aljcV22wOoS/0Ib+b+FmKgMx3uf9zb:Nya3G4k5QhL8atVXT22wOoS/0Ib+b+Fm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
2536	msedge.exe
2536	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2264	2536	msedge.exe	82
PID 2536 wrote to memory of 2264	2536	msedge.exe	82
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3864	2536	msedge.exe	83
PID 2536 wrote to memory of 3476	2536	msedge.exe	84
PID 2536 wrote to memory of 3476	2536	msedge.exe	84
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85
PID 2536 wrote to memory of 4296	2536	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ef2bd406071f118b92825cb96c00937b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9099546f8,0x7ff909954708,0x7ff909954718
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10519558702182091543,9645177157050437800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\70ed7a4a-d84e-442f-83a1-29f0df08e5f6.tmp

Filesize
10KB

MD5
5f46137d6515620961daef5fb4188727

SHA1
93ebacd93c25e216126adfadea25f0edde3c7bdb

SHA256
f48b9a96cc8a6097e35bab4a58e6dc6c1ba342da5684d91e91e90ef096c71ced

SHA512
15cf7fdfdc685e893b99d067394b8ed8cfc8fddd340057d17e8196c4128c08783014f0177294f6a79bb0a7dbdb04111e3e405eff7f9e5eeb9d51695db23b464c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d18f79790bd369cd4e40987ee28ebbe8

SHA1
01d68c57e72a6c7e512c56e9d45eb57cf439e6ba

SHA256
c286da52a17e50b6ae4126e15ecb9ff580939c51bf51ae1dda8cec3de503d48b

SHA512
82376b4550c0de80d3bf0bb4fd742a2f7b48eb1eae0796e0e822cb9b1c6044a0062163de56c8afa71364a298a39c2627325c5c69e310ca94e1f1346e429ff6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9eb20214ae533fa98dfbfdc8128e6393

SHA1
c6b5b44c9f4fff2662968c050af58957d4649b61

SHA256
b2be14a1372115d7f53c2e179b50655e0d0b06b447a9d084b13629df7eec24ab

SHA512
58648305f6a38f477d98fcc1e525b82fc0d08fb1ab7f871d20bd2977650fa7dafa3a50d9f32e07d61bd462c294e7b651dc82b6a333752ca81682329a389ae8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18b71ced-2885-4658-82d6-ff59ac96047a.tmp

Filesize
5KB

MD5
4adeff7d852758cd2694fd8ad94d2517

SHA1
ead7d71907d3ffd95a13fe632dd6c0d54135ad08

SHA256
339565044cb8192709fa736e71b553ea61f0645804cc8e74b4373373163cde74

SHA512
88afe2a1c4d0390ec0e9d4e2dfd20ec89a208c6795fb98819429633d595999f064a62ca813f2fc415057f129457cf4633a7f92b8fabb0179fe94b90fd4696f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
886ff096a10c5179fa80e28d198a103f

SHA1
3f5915b86d00ec5dc632291f7a8c99507860fe71

SHA256
8ce27a841b0462f93aaa629968bbfadf75f811b7e73edadead348877c7e85309

SHA512
3c333eb818edf37a29f72e3ada7a8950d3680f05b27f34526723c7b5d0361b97d111c05e580d9e7443316583012bfa88a46f8c7e536bca62c28387e39d122b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9f41c964d3641eb86adbedb17a9762ba

SHA1
9f7637a9a45b7022672344d10e760f6a66705699

SHA256
351e4d7e731724b749d86d59d547b1198c1d50aeff5f968561b3ecae64991cb4

SHA512
8ae295f26cc875546261a8589d862f0c142446995824a77d91e6961b8ec555af9a41487fe6485ef83dd611cc67d2f72fd26ce7816fbaf1c581a6ae65e9d7c12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0555d547000508d978d286c14d019e69

SHA1
d7a5ac997c0a565b5795c2161580721f2e642713

SHA256
7904bac2a49513b27abe466f3a413bed88d4604946a8b652768de270a57a191b

SHA512
257c41d94e7e6d1cc16dd3c2af3d6624e96f431f5b22bb91caa718eb7517905a5319bda9f4b7d30606a3df7cbfae67995d5e1064fc0ed9e453faaad37ce961d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6be217d826ff7c4aa81d39663a38dc10

SHA1
b32f46cf12fc4821f702880382f18ef3714eec66

SHA256
754dca9404f119306b757d135efbab8856521366fe9a3961c5373dda2a57becd

SHA512
306a06b11f079ad10db885200c0bbe37b56bd9687024e18fa84cfb95663f8fb00debebb381e030d5e6c4daca8eddcf180a37668745ec4972ef732dcb0bd4296d

Download Submit