efd919d965d90b6c04c86b5889558eef38d53cce7745dfd3ba00eb9ae16e1a47

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3090c6f09bb81b4a149c4c28f9c4fe73_JaffaCakes118.html
Size

138KB
MD5

3090c6f09bb81b4a149c4c28f9c4fe73
SHA1

cd1317f70564c27f9abb330c35ab161dec3b1b3a
SHA256

efd919d965d90b6c04c86b5889558eef38d53cce7745dfd3ba00eb9ae16e1a47
SHA512

8dd516bd396283c19d798e9b7ac040ab9c72339bd84e47268c39a41097bd50fb29b0e97e16e0f6909b31c042c3981fd57fa40e088f39c577cba5871d78b9ab28
SSDEEP

1536:SoNm1CKjlKLbXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:So3bXyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
2476	msedge.exe
2476	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2476	msedge.exe
2476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1484	2476	msedge.exe	83
PID 2476 wrote to memory of 1484	2476	msedge.exe	83
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 436	2476	msedge.exe	84
PID 2476 wrote to memory of 4116	2476	msedge.exe	85
PID 2476 wrote to memory of 4116	2476	msedge.exe	85
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86
PID 2476 wrote to memory of 1600	2476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3090c6f09bb81b4a149c4c28f9c4fe73_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87d4646f8,0x7ff87d464708,0x7ff87d464718
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15897371314307549315,17590055477194677290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f5cd0a587d627db7dfe4cfac5c7c57c

SHA1
7acc6d34dfac8ebe96651b4c966c5746b27863c5

SHA256
f75a062fe529ace0e1bdf1d5f544a1ea0006f23871679a822b8a85aad646b898

SHA512
d1f6d092a45262a28932beffc888c1a60a2df9a90fd3d1f670428560f34d4cda35dfbdafb2ee36d0471fc8007eaac47fbac18294fb69c2fbed3017fe0598eb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66985d430334ad294ec864900aa06bb9

SHA1
0bd14c662a4236e15abb0e109591ec41497ade13

SHA256
a65ec62726baa631438954896690a304d230bd6535bb5de8392c76ffd056dc30

SHA512
90249ddb4d31ab35015f3b4b66ae479823be55662387ee9c255cac0e4936b67f558a5a134af400a74fe0bcc6d7622e01bd800c88b77ab35231317fad3bc8c4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1f30e3a1f06647e099fcf5cb48dec9e

SHA1
b913f1878118b8f67c45102c595c54853c3f46b7

SHA256
1f239514bda31a30eb11a04da72205ab97a742042158635e0b84358a7fdebb27

SHA512
ff8e769da127ebc1cf0b909b98201005004e5c9ab53b922c700e016118cc46c798d50807fbe209eb1a37b381ca19e64856743f9ae54d16fb4503b7b5858a4410

Download Submit