ddb8899917bac19c22471292e1ebd1a68c32b3d6ccc7e977db35ef7f04aaa807

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2919cb5cdb9a9ef6dad6d008e6fee126_JaffaCakes118.html
Size

139KB
MD5

2919cb5cdb9a9ef6dad6d008e6fee126
SHA1

31da8212a60a9954ae6a8c4ecb22a54ae0c2bcd6
SHA256

ddb8899917bac19c22471292e1ebd1a68c32b3d6ccc7e977db35ef7f04aaa807
SHA512

010351a1e49753137ae352431614889370f12af1291b9e80c4c9fca7254ff46225c750c2012d5a032d5b46f38154aec90bbb5d861d4abab51c520812d66cb24d
SSDEEP

1536:Ssiv495Fo6ljW9N3nlusOhyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:Ssif0hyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
828	msedge.exe
828	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
828	msedge.exe
828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1904	828	msedge.exe	83
PID 828 wrote to memory of 1904	828	msedge.exe	83
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 1800	828	msedge.exe	84
PID 828 wrote to memory of 3912	828	msedge.exe	85
PID 828 wrote to memory of 3912	828	msedge.exe	85
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86
PID 828 wrote to memory of 1344	828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2919cb5cdb9a9ef6dad6d008e6fee126_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7fffb34246f8,0x7fffb3424708,0x7fffb3424718
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,18271214060301117890,2811522593176752907,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
f5c0385f8ff9cd32a94a632edba69287

SHA1
5bfcce3d5bb35c344c0e25835304d29ee78eb8e3

SHA256
b8176e065519e6647b0ff642974165e1116c1a7fa0c7ef14be2afd4b7ce06975

SHA512
9fb4a76591a6fc1543441b5339b28df61767a979021e681c4443215ee02f97e938fb8fe809761d7533037bcefef8f9e3ca4ac803cdc2da90e162a65ed0ad07a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed530890f32bb31edcd31f04090526ab

SHA1
862143fb8ccea70202c56a141de7b2dfee5deae6

SHA256
762d3340b6cc2dcf6e20f00b8d00e4fdd882bd46f7f0761270302a476508137a

SHA512
bb970ecb5ba805119b42fb669e652a0efa7cef1e7eca88c6aa920b06e909db88e1f1f85bb5b27d6f7884e8fd83c6e9627f541afde0999bb35697c4db4fbaefdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fb0d1a79e14c3585c116b5158de058a

SHA1
ca27b38f7978de4bff9ef53f9f9bf929f2779b48

SHA256
6c5f7f821e1ea5aa50b3e357ab8eef1267eb576142c57214871cc7c2d47e6748

SHA512
f6d1a061888d5126512ac2da030bad452f792974cd20464eadf8da009352ddfe525b6f580c9efccfcf86aa5297f5f97d95acff94f3bf6dde61d0bdeed3274463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ffd3dfd97c9bf5c3327bf891920e2fa8

SHA1
9ff5863ff80d92823a7f1c338c4a11bf35d9b1f4

SHA256
0e3178dce7369be8e6f683031cd172698f6c1da62c5922fa3032348165216bf1

SHA512
be7a28e6b01a7f3ad544dccefe6a6e1dfed8951cd8b72d9372b18570038f6a7dadd938e667203285d3f1fb749fbd93dd78f0567cd5e22062e54eed93498e93ea

Download Submit