04f7270e6e9774d94fd7dfd48c0e7b87815736ee47f3ee29fb7618852969f04b

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c99575050cb7faf55ba7f73dadefe60_JaffaCakes118.html
Size

138KB
MD5

3c99575050cb7faf55ba7f73dadefe60
SHA1

d7809f27ddb0644979eb8639694f157722753730
SHA256

04f7270e6e9774d94fd7dfd48c0e7b87815736ee47f3ee29fb7618852969f04b
SHA512

1a82cfc6aa41bab9bc5261b47ebb26db8b66cae64404fa0a8e35b678157b9462682da68336bd1a25f03e733c87212146affa06d3e100eccd13d49acb713d4f02
SSDEEP

1536:SID7ivployLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:SI/YUyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1388	msedge.exe
1388	msedge.exe
3020	msedge.exe
3020	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3552	3020	msedge.exe	85
PID 3020 wrote to memory of 3552	3020	msedge.exe	85
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1892	3020	msedge.exe	86
PID 3020 wrote to memory of 1388	3020	msedge.exe	87
PID 3020 wrote to memory of 1388	3020	msedge.exe	87
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88
PID 3020 wrote to memory of 2508	3020	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c99575050cb7faf55ba7f73dadefe60_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6ae446f8,0x7ffb6ae44708,0x7ffb6ae44718
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9186982937628131914,15798885423936185172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0732ff37e87e360734685e704a526f54

SHA1
02eb86f6e85972ea04322962dd92d603a31622c8

SHA256
d4778590a72ce8b3b1a3cc34973f6eadd90d23170c78b265ebdbd9104ddaefb2

SHA512
4a958077e3ea4d02783acb25ea7c6470412cc592f40b8571d5d693a1726a449a4e60622977e133c5e8a3f9a57a58a2d17cec56f7ca37fc88cace2c9271b25a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf580966d3c049fd9feb44a46d4d00e6

SHA1
846588f18486cf86c1aa8490429b9b7490e007fd

SHA256
7a4bfbbecec56bfa950e9f0b79e020dde2cf72fa499b8171ddbc28785c761796

SHA512
7ec03dbd8c8fe9350c62f8dc77e8d3dbdafcc076ea5bb349e89fae2d0c569caacf4518851f35fde27d4c0bb5eddca29fc04814dab53a7de7ed03479b128e1a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee701c26d23604968b864329df9b24c9

SHA1
cbc132824491c9d0607b361db9854803413ae901

SHA256
6df7cac982f2413590aaaa8eca483814b74ac784bfea78ea678e047218866a61

SHA512
127bcedbd55833de4c94f3e2eb029962a383890dfdcd2310c52378a59b7cebccc1de0c2165421f77966847e49e367b4e472f180b48433de01c6433a3788f1bc7

Download Submit