a104ded4f464ff813a0946a5dce215e4c26bb8a82587bc79f565ea7584ed9d8e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

effad8086643928590a3e72c3e2df2a8_JaffaCakes118.html
Size

34KB
MD5

effad8086643928590a3e72c3e2df2a8
SHA1

f0eb85fb76fad880704f55bd8733c84754de9a8b
SHA256

a104ded4f464ff813a0946a5dce215e4c26bb8a82587bc79f565ea7584ed9d8e
SHA512

b826c6edf7e16f64352ecd563e8faf5792542522ee327bd630cd207641d2cf1e6f10653ae63b54ffbe422b90d9fa96d8dea712fbe9592a77e498cc8e0eac9545
SSDEEP

768:SSD5xgW8Ak1W4UqV6Zb4CGD1aDNwCTKFHdMlKczh:SSD5xgW8AkDUqWb4CmYNwCTKFHdMlKcF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2096	msedge.exe
2096	msedge.exe
2256	msedge.exe
2256	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3748	2256	msedge.exe	82
PID 2256 wrote to memory of 3748	2256	msedge.exe	82
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 3472	2256	msedge.exe	83
PID 2256 wrote to memory of 2096	2256	msedge.exe	84
PID 2256 wrote to memory of 2096	2256	msedge.exe	84
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85
PID 2256 wrote to memory of 1088	2256	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\effad8086643928590a3e72c3e2df2a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7afd46f8,0x7ffe7afd4708,0x7ffe7afd4718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8077946035718431319,18314115062482344936,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
447B

MD5
9796edf6b77e7fd138a2f852c47574bc

SHA1
3cd745714e5f387f3d1cf30c0e8aefc387135483

SHA256
05c2e9ac832a7a27a00d90acea39f929b7d636adb7c5350542b5ac708d969037

SHA512
3d3788d8e2514331b1a387056c5f30704f8e38c66822b0a177b21717bc263cfed49b80a43a6ed90a981f86c32d26c16a8de9379490ab110c0fd0aed473e72076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90c169f9ddc1baea8b4add9f6123bcac

SHA1
523daf42906b47e73de0e4fa1061901ecff619ce

SHA256
80c1eba5d154585312d4634fc65b6bbf4f37c0e931ae4171c566313650eec307

SHA512
81e38e83f1a759f0dbb0b57cce3517aac72325aba9846060369c8b24b3b5af1dc936314d1b09a83a7289f623276893523e20140e5bafeb790fdbb92b1ac52266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
363d9b5ac8ce17603d5211104fe18cee

SHA1
248b65cdf198446092f6c99e95e388dbdc84b42a

SHA256
9301c66d817174efee6bf1457d0d79453c3298d53f2e081319602b546f00c5a2

SHA512
57bb4cfa5cc25091eb35de37fba628723da29664e8ccdc1ec34b6f80382b12fd4cfc34eea0fa9f9b34f9d7d19deba3193dee9193d1adc32b811ec71a2312cdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07bc1eed02925692f3d0ab3da4c27d58

SHA1
869a87fba384a23ab04b058e45d615d59fcbe9b2

SHA256
18ad9ca5d456694b3a0fe775a5e01ef1cbd8c22e45a5b11bfccaa3f84f3ae7d0

SHA512
1d62bf3257f357eab2a453ef53ad546eb36bd911fc12e4149b02d95de283413652761529bd90a5116040ce844ca0034700a9dfbcdfb69f92df01f111beab1eb1

Download Submit