b67bac409b5e530f11c1e4ac43a9d76a6ae020c5104b06ca9773d91f01355b6e

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6a1a292827c8a2ff556c07a04428df0_JaffaCakes118.html
Size

115KB
MD5

f6a1a292827c8a2ff556c07a04428df0
SHA1

9f30da26cbd190ef3043a2b0fb46c25734ddd554
SHA256

b67bac409b5e530f11c1e4ac43a9d76a6ae020c5104b06ca9773d91f01355b6e
SHA512

ef1ca93772d3fe335c696998b8513535869f24e4c6035faa968387641efd772b8cf2e01b6e5e0900cef18a3aea12ff5f2721341c8b9fcd59765e75d2af5a7a84
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcFtKHAuioL5XTgcZuZZBHp:sFTLLWT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
1148	msedge.exe
1148	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1888	1148	msedge.exe	82
PID 1148 wrote to memory of 1888	1148	msedge.exe	82
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2968	1148	msedge.exe	83
PID 1148 wrote to memory of 2200	1148	msedge.exe	84
PID 1148 wrote to memory of 2200	1148	msedge.exe	84
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85
PID 1148 wrote to memory of 1188	1148	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f6a1a292827c8a2ff556c07a04428df0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf28c46f8,0x7ffaf28c4708,0x7ffaf28c4718
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,8340041514142083470,1457655610450591801,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df5fa35b428c58c36d7d75e9bf892ada

SHA1
07c0d0046a29106a144640118fc81f12c0075891

SHA256
faf45dc7d4b380a6dd6e4dd63706f51cd872c76ed90d0343eb7b48426427968a

SHA512
43e9fc1b67981a83106cd06dc6b1d8481c6854d8e2a7966e8fc3321df452f14b0e5d71bb11802f323b8c69e6cf9a90788d5d7c64155d33c9a7fb2235bbf70994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10f056db057c1a8c5eecba32669ab11d

SHA1
257fd19d221fc850b65c472b19281224da8e66cb

SHA256
8b4e03b1a099eb5690616fe72e5b9c4743d74860fdaaf57d8365155174ae264d

SHA512
ddb2be56f03ae117361eb4286dbb6b3d78c65002500dec3fe8b85670fd2a8c5a6b911e9477178ab841d35617f6f97a7d455b7cbe989ab2b307776506a4fdcb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efcd9e7074d8d21c8e14b2f05a92a675

SHA1
2133e4f51a2d699a87389fee23c055b62c6b8c52

SHA256
3f07adacce33fb91260a8763b756d237955556413812b53db89852c994d13149

SHA512
b6ea3cfa37f8d6b7ad1051aed906e923c5b82ea89441218765bd94562f5c965de4bdece733271e4fe5870fc98f0992fc7e3d31d45dc811e38c87d7d0883e7912

Download Submit