b20b6cc5ec6f4dace6fa910c3ba2f528b2181ef5d9bac9ab7ab068fd59a937a3

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aee66168be1f5d560493c7e0d2bbaf9_JaffaCakes118.html
Size

139KB
MD5

2aee66168be1f5d560493c7e0d2bbaf9
SHA1

ecac30c945dc51a00fbe71abc06b9d312120f0b9
SHA256

b20b6cc5ec6f4dace6fa910c3ba2f528b2181ef5d9bac9ab7ab068fd59a937a3
SHA512

83616cdcf66233d11ef502ef2404a69a0102b29037e0537649a7601dc1327733ada7cbc7078be1e764d16bda3b76c355b303b2421e9ace3028379138c75948f3
SSDEEP

1536:SSKvowJXUs0+lE7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:SSKwUU7hyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
688	msedge.exe
688	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
688	msedge.exe
688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 1224	688	msedge.exe	83
PID 688 wrote to memory of 1224	688	msedge.exe	83
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4600	688	msedge.exe	84
PID 688 wrote to memory of 4516	688	msedge.exe	85
PID 688 wrote to memory of 4516	688	msedge.exe	85
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86
PID 688 wrote to memory of 1764	688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2aee66168be1f5d560493c7e0d2bbaf9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b43a46f8,0x7ff9b43a4708,0x7ff9b43a4718
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15667040760420756929,1024508236370244322,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
9db11a983b13c373d4b21bfce169146d

SHA1
2b201c8c85ab210375eebea07cb7b7ac1247cc19

SHA256
a86c7c4df5015ce6007113923b1cf089efb369293de75175f59a45d8cb02f5da

SHA512
6fe763e137b9a60e8684eeb46c92b310d7068b9e07d8dc71a327eb922ea1134fa0272a42657b5b7039f966f62da26e7889b24d2a069b345462028b86692e1d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25842dcfdc7310b6a957546f6fbef9be

SHA1
012d6b8e18bc589081e24f177aa25b0169899a94

SHA256
afef9797d0c052905388884c968f863e2991c595a26410f2842fd5ca24fac65d

SHA512
53d5a81d909fcc8f877702359ebe419a86cdf162af6cd13495ecb84ba03a80b9b8dd44be2119c6cec8a46cb7eaeede7411c56e23937dcad787cf01198a815b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0d25c8b25536d51c9fa05bc207604d7

SHA1
5aef8b633bd8506f0497337501d2c623b376fef2

SHA256
9beeb0ad10d489d51d693b1558bf0d725d7e988af253a0401c87bc587fe3513b

SHA512
7b45257683e34574b69767cb5cd55e8dee870815f8a76f54cb89fe5e69dcb4a7c55ce98c2b29526ca0b094ef69fa4760a67dff223e1bba5f92dd3389baf4b907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
457927ea66c997d6477ef5741e808dd3

SHA1
64d1853e01a2dd1695e243241f3e8af878ff065d

SHA256
b3582a582da1b2b5f6d2d863bcb173b4f0d583907d53d415e3a9a85c2f317207

SHA512
fe2db9678f4db9a72227efb45a25478b18caafc77f6c5fa6f92f426b7a0a25f38ccdbcd2c164c12ab639e87173a967c164c090bddf907e505eab23f5c100ee46

Download Submit