e9be07168e1393e801da6f80798e1ecd282a60e8e8ea39c0cd30c3d674b16822

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f61ae52c1f73a5e4964b37a83e998945_JaffaCakes118.html
Size

139KB
MD5

f61ae52c1f73a5e4964b37a83e998945
SHA1

f947f47c64a2f6ad140ee8551cae4c79ba6f1f49
SHA256

e9be07168e1393e801da6f80798e1ecd282a60e8e8ea39c0cd30c3d674b16822
SHA512

5553e7cb321c2addb1290356e6db7dd9a4a0bb00d4727aea5d5954c118c5a81f705f216f7d2e48c39fcf09e94d63c2badb2005c4a3b5617c9ae4a7780744256c
SSDEEP

1536:SqNoSxOlgyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:SqpRyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
724	msedge.exe
724	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
724	msedge.exe
724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 856	724	msedge.exe	82
PID 724 wrote to memory of 856	724	msedge.exe	82
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 1144	724	msedge.exe	83
PID 724 wrote to memory of 3468	724	msedge.exe	84
PID 724 wrote to memory of 3468	724	msedge.exe	84
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85
PID 724 wrote to memory of 4652	724	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f61ae52c1f73a5e4964b37a83e998945_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffed34f46f8,0x7ffed34f4708,0x7ffed34f4718
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5120464677686564605,4206738540535718780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70c6cf26d4b956b2ef2a74f5f6e7009e

SHA1
a8ed7c7d217140a0bca40c8bed1bfcd2bf5db657

SHA256
66ee71d885e416589fefbd0b2f482cb032de0edd290bd8de31af840d59168d89

SHA512
6463dd1f59404664811770f7dece43a36b7f50c708493de668386fee5aa3521f8fc47cadc0bc50073c0472cc1a4d38369911774cf4c898ae8892bf7e5aeb15d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4dc95cb-dc89-4009-b505-e19336e071be.tmp

Filesize
6KB

MD5
eed7e2b416c7528dd3efba413d7eae6f

SHA1
9ec60dedb3aab1d09653201ae180d6217d674e17

SHA256
d24fe087462587cfe385bca72549d5b188fed58cf1c6b14dcaf8ea5cd927291d

SHA512
2f426f11b3a47e485a77846daef87529885d9641da54f6ae8fcdb1c13e18ede891de60d8ac403a62087b24cb8b632da3f6b180fab98dc68a7a4706b81cffb5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
70f5f7577209037374131114e2a9e391

SHA1
29910cffa8a0b028914184941be2b46a50023aad

SHA256
de0ed49c8d965b91625cecd4277731e298838d316cd9712237a6174672935048

SHA512
b28a318b6ee45b1cac23882b57e6b43fad3597bb3744d5c0d5d6d0487316ad0665b59a5ea2c14077539441671e717859f338f65dcfa88a94d38c718bab1a0890

Download Submit