495336dcef3142fc803f78d480d452a03c9bcd7b8f477cadf2d27afcd66eaa62

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 03:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ffda4b73278759cdffbaa0480b6ee9f6_JaffaCakes118.html
Size

45KB
MD5

ffda4b73278759cdffbaa0480b6ee9f6
SHA1

6f8a5c461fd50c080307dcb1562e118ebf166018
SHA256

495336dcef3142fc803f78d480d452a03c9bcd7b8f477cadf2d27afcd66eaa62
SHA512

ba211d09d6e04dc37d2c5df3642c035ce109196e178d67cc451399b0f505d71d27fbedb4f3f770bf45e208a4c4fcace8e678507723398bb3c35a7430d7252f32
SSDEEP

384:g1FTEPXK0POUtMF3zBXxaF5Joncic2XM13gYbF203VOZnK0POUtMF3zs:jxOGmjqFKcr13g2O1xOGmjs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
1520	msedge.exe
1520	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 5116	1520	msedge.exe	82
PID 1520 wrote to memory of 5116	1520	msedge.exe	82
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 1504	1520	msedge.exe	83
PID 1520 wrote to memory of 852	1520	msedge.exe	84
PID 1520 wrote to memory of 852	1520	msedge.exe	84
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85
PID 1520 wrote to memory of 3960	1520	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ffda4b73278759cdffbaa0480b6ee9f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd42d46f8,0x7ffbd42d4708,0x7ffbd42d4718
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11147343940574198302,12293762475855301212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1df848742175fe8c7ca23db39c32f9d4

SHA1
89a3b7426958c8a913283251b709118bad0a9afb

SHA256
8cf24afd61d4c45e8ac9665d2df042b7d2214936e11b9972fe355ff8e283e204

SHA512
4edc39b8918760ef7d08c0307d219c9a2ec5869661fdb5766d450f214040383f0e1e4bcfecce794d4c7955aacbf5648ed73f4609ef5f222e74e29a0609e6ea39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ce3a0480217600363df7ae748d4e2c0

SHA1
65e83477816fdae33acca9904e817c14872a1a3e

SHA256
25750fe7d38abfd2be4283aedc9c50fe577347fa5015c2cff16da083f4d50824

SHA512
e00568dce6c710bb00cb99b1f49bd59566d0eee07028d65d00e8bf967b3362070f46ba049c285f52b815ae3612dcc760c0e0d21c643d2a21c8ba8740856edd7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06363b76902c3ac1d5b926fe10bcbffc

SHA1
cf04f2b05afb787be46d3819cd0199aaa9f6f57f

SHA256
f8cd2b246e30b9abb47ad19972fa07df95e03902af2eff3ebee51d9d259f303f

SHA512
af0818f5d8d22122416c89a17c747117d3f1529a407f2af388831027ba30d285e2e189567c09b5e78e48b33bb87ce33ffc316aa0fb53bbf4491955717c50d50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3e037827a5062ecfa4185d7a153f531a

SHA1
5cf31db03e7394ec9f0dc8fee35b4b141db83cf1

SHA256
1fef0d80e9c1a2895bbe81377927c6610df214f783a9151e6649be1aa7a97d20

SHA512
fe037d32b7d08b51bbb60c116bcbc9d6fb6840d1d90616f457fb96e851db6e05a58c452f5ebc57caa412ee02295bc0d604cc2be0ebba33d74c5e2e6086930366

Download Submit