3375c238b2ca9366f9e83de905a6f281d02ec07010d30bad17ecae15ee7ff90d

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efed3eaeb764c8bc8b2c8c3b1a3d24b8_JaffaCakes118.html
Size

47KB
MD5

efed3eaeb764c8bc8b2c8c3b1a3d24b8
SHA1

257164a1115f90136e29a884f8b5622ce1f473b2
SHA256

3375c238b2ca9366f9e83de905a6f281d02ec07010d30bad17ecae15ee7ff90d
SHA512

35eafc45b3d77b5cf74a7e82afe01bedf3b780efc23ddd5731998911db80b66a3bb4746aa21fa4e3775fbfb8f975199c752694bddc73e017fcf3c53ac91c8d52
SSDEEP

384:tJiGjT6HRDUWemi/cW5n/TEIfeUpDbLQjWg1P266H9YgIoLJfvUBEI4pD08N8w81:tJ5Gi/jgobLQjWgc66cEI4wq+8o9Z7X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
4068	msedge.exe
4068	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4100	4068	msedge.exe	82
PID 4068 wrote to memory of 4100	4068	msedge.exe	82
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3812	4068	msedge.exe	83
PID 4068 wrote to memory of 3964	4068	msedge.exe	84
PID 4068 wrote to memory of 3964	4068	msedge.exe	84
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85
PID 4068 wrote to memory of 4056	4068	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\efed3eaeb764c8bc8b2c8c3b1a3d24b8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a3046f8,0x7ffa0a304708,0x7ffa0a304718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7565245226519091313,8884806999247440316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
882B

MD5
f90f06fef92c767c9d96caad370ead3d

SHA1
3af9b90637ec7c49bcbe8db09b4ba29e4f5a7a4c

SHA256
feab1a1a531e8e297e8368fc3d24c5e892009592b08a1ebe59300862d744ea2c

SHA512
0d011094a36cc3c595e12a62a5e3c2950954f6cb248726e1ee1a8764a203cab9d3c4a784873a3c526d355e81ce5ee6c70ca003865f92f0e3bb6f2f1fe43dfddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
589B

MD5
aa8368e70cd9f4f6135553c7be72394f

SHA1
072b4a8e8ef906d9d48e216ff344291f570cc5a5

SHA256
36f7b6864d2192de4e6fc1758702f5bc8429e9f81fa68393f94d1b6be8d51a1e

SHA512
d2be92f043ddf9f700466aefc9350c96b79720161b919e69321857891007734c8fc9b077bb644fb9b50c174c90c9be3b46b85c0d3769527601652f6554ced134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f941c0e60cc42c2f3ae442424171c01

SHA1
58e525e31c3bcd793a81c5a24dc16c4afeaf1d6f

SHA256
0b271629eec8780928e6d845cb9c9e61da273bb670eb0d87419ecaa67b44126e

SHA512
0e54c6845e0e825080721f5a4720e9e183dc9fd587e9dda9b404271c9eecc8bd61d45531083f37eb91e19647dc94409a5a603ac8ab2a944b47d7f8995647cc92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aecf078de762a29b77946cdceaa0fcd2

SHA1
299c04fc73c6e55e181e0a764aab5406f18b91cc

SHA256
c7d793c940299b4c620c4c4bed4338c1e4c1ca9edb840465a2039b86628568ed

SHA512
91ff55c810afaa3adb11eee94bb0ad2898fdbfd05f409410ae26a780731b95a7a40a0a67148c8c43040bb2927ef34fa1947868005eac471aade4ea3bb53579fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7177cc7950c77b826a630cff75adfba

SHA1
bb9d0b5b178d67ee150eec5b50beb38f4c3d6e5f

SHA256
bf3e1aef118119e526601fb72e7bd2a82baf1261eef7c869146209aac021f324

SHA512
460f2a1fdc160f26b27b77056b9e6ee09f02644b9a75c1baf56635ada026880980f8f4e927cb99cc106597d04de4ba4145cf137499f63d06a98d3650ae138d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
11cf2cc2b1e1ecd32effc329ed15dfa2

SHA1
6b82ebbead44e14afc757bbf0db53bc2643c7f9b

SHA256
9818781909df6258dcd5004ec086b2caa4aa15e494efe45e0663757f13ef2b93

SHA512
d27b38b8ec8768ad00f18dba08c2406f7276bc87115812d11c399d08b579f21e965daf6f08a00c595418ad08c74a0df23f6b5f9947074c46ed3bd7ed951b2c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
794d7fac02eb1d5c7202735ed5df8afd

SHA1
4197462dc424fccc7cf803e37c23bdcef8280921

SHA256
1894d4fda49b3c86037d5ab1e15baed4d84c65894d99b25c7fe0cb2f6178d4fd

SHA512
2d09b5f3ca9304ed18cc54043c026d9996f20e0bf15419fb4fc8d2e1444ff21cd8c40024e9faa8b418b3d265bca1c4ba2bacca3e114096ddf29b996e6f6df702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e078.TMP

Filesize
371B

MD5
9c32d67744058917f40ad94652fc94c3

SHA1
ca6bf245cc7fabed65eb6a8bb2793fb922cd14a7

SHA256
f4f2ac77379edd9c01329447255272e49d5b6e766262e84fe6723a4593277e75

SHA512
99a3f9e35f31b0904cdc6747fa289b2cfa38748c534fd1b90df3512bcf473500f3d1df81960f361ebfc072f8df289fb1acf3b046abc188b104da3684db757efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4130be0b1a978ebf2889c8783bd4c0c

SHA1
0544390db9bfe63691914946eaf21a597cd34ecb

SHA256
b00f4f2fe3e518855116418afc59023c88965cd6fc8ca6201c57d5e49093342d

SHA512
eeccab975f0bc7fb5c6d9d139b71941de3b6c432ee0f30a9a25e356a17c6e392dbe6c449489bdcbf721d6c204e21ff04a4faa18a4e624e5f0a74213c7ddd9416

Download Submit