eda95a3e46d123ecb6cad470b04690ade3789c83110ad6ec2d1949a74b660f96

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29bd50980a23bf76a31f82cabbf350f4_JaffaCakes118.html
Size

139KB
MD5

29bd50980a23bf76a31f82cabbf350f4
SHA1

8fc89a8cc27480af6c17fb301e868bb0e9dbfb07
SHA256

eda95a3e46d123ecb6cad470b04690ade3789c83110ad6ec2d1949a74b660f96
SHA512

40fcd2d1aa77f6a050a6b982355fe327f997d501dc4de1964c9ccfa212343948f16f045fdf1ad2a999d365d66223023ad557ddc4555893c91286a60bcc4ee2b3
SSDEEP

1536:ScZJthV2lgp7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:Scl/yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
4504	msedge.exe
4504	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 1188	4504	msedge.exe	84
PID 4504 wrote to memory of 1188	4504	msedge.exe	84
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 964	4504	msedge.exe	86
PID 4504 wrote to memory of 3348	4504	msedge.exe	87
PID 4504 wrote to memory of 3348	4504	msedge.exe	87
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88
PID 4504 wrote to memory of 1096	4504	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\29bd50980a23bf76a31f82cabbf350f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9756546f8,0x7ff975654708,0x7ff975654718
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12068730684157921311,10089275037583757783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b9739f5776a018d1dfea64dee3f4897

SHA1
3dcea83f53d046c24318fb0748f4d0652b213456

SHA256
a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0

SHA512
d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c40d5d7c5e0a85321aa5a230e68a231

SHA1
c4ac788ba4da6897adc3c9ef661ca6b469fc547e

SHA256
9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384

SHA512
bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b7b5c3e3b15565b554c26f42447ab94

SHA1
69964027baaecd68180a77526f6a640f9f446e15

SHA256
a8d6f7435cfc457b727eb645e07b487e4118c9235c631cbcc8dcbdfae55f8723

SHA512
6efa586a86b0cd9aa9c2b7dc1af6e312021b56e79cc984f8cc19977d844f55cf89ccd43f1e4618cd58594cae5833e0bcca0f28fd0bc5fcd235608f03575232cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40fb2864a77468630b9839cdb32961b2

SHA1
56867102f9e6b8f223b568c9be8a41d1e595344b

SHA256
a00cc4f4d1f07e81f49a63a57ae9c38ccd45aa263442d35a2701b04f87831b3f

SHA512
51cf62cec16ecd9e0dbb3b87552e463888368af8be871971e34c37a530ab23d172406562cf2de44d083bb19168bdcb5b484684a1ba6a6dd16d04aec42514292d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62fa438b48fdfb61c360e6d4fd356110

SHA1
6e54e946a5211afa1459715b9f37a18ea92cdd57

SHA256
fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798

SHA512
01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
bd01833867092a3eece12f69badd11d0

SHA1
57aaad194dadee45ba9561a1e67bdf585fedee59

SHA256
08f78202a2c04b0a423cb509b0c188eca003e600e01ae6c7de4233d937ad7e7c

SHA512
d98f365fbcb5faaced3d79e1289252b24626b89a8d2ccd0a1a0630f37e97b5eef26c4836edf17c60a9c83d7e1a1e19a4c5889599189252055d65c1e0247c1a10

Download Submit