59353dad6035ad3310682031e33d471d27a34dbc020c823b2fa785f174ae6e14

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 10:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f2077faa38b520e54a89069e5d6fd55_JaffaCakes118.html
Size

144KB
MD5

2f2077faa38b520e54a89069e5d6fd55
SHA1

5a79bce1a5bbba98b20a2c7ed66ad8a3cac638ac
SHA256

59353dad6035ad3310682031e33d471d27a34dbc020c823b2fa785f174ae6e14
SHA512

aaf8de6b1a321292add16303ce580dc30416cbebdab768ad0df3a9a319ae61e0ea50ca8f99f62ba7027fe590f81c01af013a014024ee0422b332bd9c4eb64c88
SSDEEP

3072:SOzvSRdx7dyfkMY+BES09JXAnyrZalI+YQ:SOrSRdx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
728	msedge.exe
728	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 1636	728	msedge.exe	83
PID 728 wrote to memory of 1636	728	msedge.exe	83
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 5016	728	msedge.exe	84
PID 728 wrote to memory of 3520	728	msedge.exe	85
PID 728 wrote to memory of 3520	728	msedge.exe	85
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86
PID 728 wrote to memory of 2684	728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f2077faa38b520e54a89069e5d6fd55_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10069940679908402211,3281277468902186461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa5fa5660cd044b83da5f177ec85a3c1

SHA1
ed4dd73ded24f8749569d4c2ae53f107febc8361

SHA256
fef2e0291ff15e58d4de95d78a90c65225a04e1e94b62967f91302c0d253ee32

SHA512
3600cab723ebda10ca5f4930500e93ed1beff6bb03e9f03c8f4f07f49ffbb84e7aab407e76047b70f7e8674b82eb9ac3ae975ed1ce1da9ebba6db2251c14c873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14580f0f5c669fda2f26bd6a7053c960

SHA1
fdd8f424af9f50c398772b21fb5e43d6463cf51f

SHA256
5e40b34f8ba0aeb8932be63cc23584d736b36b8679dc867e1b463d8eeca4bdc0

SHA512
14d2db3ac35c68aa63e5d2eeaf716aff890cde8da691dfe2465fadb7ea46df20d6bfba1d640496933c6ae933d4785c694f60af488382982c19fa3ee224dae884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43d9fd9f489a4e08764c871572e1d41a

SHA1
b3a4c52bd4290b131f2127188c6bd42c7266cb8a

SHA256
05871a9c22044faf413c4a2478a25277e9addf2a4dd8dcb65883d5bd68d490e3

SHA512
26ce690298cb97ef01ea1ba8c6120948fb8f0362ab65e5a3d4867d6d1eed0b5856a47619a78a0102e58de731aede290abfa58235eb5b92ebe13b32f6eea9fadf

Download Submit