d83d70c48f0a4f4ee30210f3769a5f4fc7841f703ac02d2acd27757d1e104992

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31118d2bedd362e7895f5952736df653_JaffaCakes118.html
Size

141KB
MD5

31118d2bedd362e7895f5952736df653
SHA1

79f87babae0e2c4c69b9f1f8328848c4a038a978
SHA256

d83d70c48f0a4f4ee30210f3769a5f4fc7841f703ac02d2acd27757d1e104992
SHA512

b87b4a512cc7b9bafc41e9c1048a3903307ba023c495690ff55dabfbc7b2b58f2d2ae2441212cb8451742899dcd1e9721ffb9118de39d4a871ec4b4a79f510b0
SSDEEP

3072:S4+nlhjx7dyfkMY+BES09JXAnyrZalI+YQ:S4+lVx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
4816	msedge.exe
4816	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2248	4816	msedge.exe	83
PID 4816 wrote to memory of 2248	4816	msedge.exe	83
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 3096	4816	msedge.exe	84
PID 4816 wrote to memory of 2776	4816	msedge.exe	85
PID 4816 wrote to memory of 2776	4816	msedge.exe	85
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86
PID 4816 wrote to memory of 2240	4816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\31118d2bedd362e7895f5952736df653_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec9aa46f8,0x7ffec9aa4708,0x7ffec9aa4718
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11831067519773600130,15276224444836901908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9525faf3da7a1e73f3d90ec832b393e9

SHA1
f52358c84fd8e889b56e842bed92dea01f590244

SHA256
cee1f2e706cf05af2ad594b0ea0098a895df01033a6c30bcd9cba502b3320f4d

SHA512
3419838416b304e30cb8e74ae4d265abffb43d9f9acb86ca9da28ec9c27b6379084b326f731154019475ef93df24811d201e8ef3a2392ba5ef762db99920356f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c42e72dd134b912b5de45db81010d2c8

SHA1
191a00226985975e89969376139f916e51a7c3a1

SHA256
c750825349712f9a9afbf1cfbd8ac9678941f667da54edd24c6ea811a2415607

SHA512
83e639010d1a3150345397be63109023e258e1781898fbac5cdeef3898377b9afc84111b4b2054071d7e17db38148d4ceb64b84d52fd5a4a3e2112f6948ab3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a6249917aa4286e6d75d7504e4df57c

SHA1
087b626f74413c97d695f39b1ceefb98421d2a2d

SHA256
fd50e491c7ad9023fb2a9cd844a087e5daa99e2ce9aa84559896143afe5749cb

SHA512
b5ecf13ca2a7d214e6ebec507ef96e3470e0713a451d3d5624a65389b05284d2d2dd7e1dfb594c5a345e4dda74598f9de31f25d1d35b7ddfdd6d714bdf251b5f

Download Submit