a5c815e2244412736479825e51381fb1981dfee91931b603b903799efe653077

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39682ae66acfb920609687fad5ce1905_JaffaCakes118.html
Size

10KB
MD5

39682ae66acfb920609687fad5ce1905
SHA1

f2958c6aeb1b3789de4afb91a05a3daa86c8af90
SHA256

a5c815e2244412736479825e51381fb1981dfee91931b603b903799efe653077
SHA512

26b04e2bd5bd48e4704e666f13304e82def1d3eaf91de921fbd7712a82a02aedb24d9160624fa8285d7e6ca48ac601c7e137448ac878019919bcbe8dd5525dcd
SSDEEP

192:2VSlIsr03ZK8k/w1wvqVkZBBHCn275Cct01LauBuLbdU8d:sSlIcuZS/gYBBHCn275Cct0LaguLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4372	msedge.exe
4372	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3020	4372	msedge.exe	83
PID 4372 wrote to memory of 3020	4372	msedge.exe	83
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 5112	4372	msedge.exe	85
PID 4372 wrote to memory of 4248	4372	msedge.exe	86
PID 4372 wrote to memory of 4248	4372	msedge.exe	86
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87
PID 4372 wrote to memory of 1104	4372	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39682ae66acfb920609687fad5ce1905_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa62046f8,0x7fffa6204708,0x7fffa6204718
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,955313250239638131,12359180740998787294,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6db0f3eb44a1426bbed84de20764e4d4

SHA1
dc6f814dbc2b039c4a1f356e8c017be289df1cf1

SHA256
88604e2e07468754d3a7d0de78325b8ea13718a5a258d800688361fcb166bb88

SHA512
554215f380d8fd4bda97e63ace38e1decea1533725d9938f92fadd77947c53f1b6a3272bc9844ae0383bb4b08bcd485a4a69089297bee5a146ebd5d0e7aeb93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9f36926435828bf0fbd3f8a91e39b69

SHA1
49af2a48f504c62db5d5bc0fffce9cc491a6245b

SHA256
20984a23ee01ee3799fa2de61e921c5b591674e6149a9a23403c78d3b2aeadcc

SHA512
2e8b8504b262ffcc0ab871d4daac5b37b1aebbfdd41d19ae99f3a7f06526eec92f16aa3b864e3516d8542efb872279e3f15309e3802086ce99a53d13725c8639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3000dec9c68b7c65070dba335c4c3a3f

SHA1
d20373f6e32b260012ef28d7c95d34d23fef3c62

SHA256
dee8e27d1fcc95486e9aaba1cdaec341135393709d0661ef408714d5f1080857

SHA512
9fd51716ec280c382b9070ddf4b46349ea06d727d6d152a0fa21c9a445289b1c7e778c5d7eb1de6a9b31a0d0cd5e285cf6e19982c98d757d71f12f350bff7bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b020ccea4e415a2c64ff7bd5454cc25b

SHA1
6e9a53c191cec3c20102cae238ce07b543742b74

SHA256
44aca2cad7468c2242e98b1648a8350ea117b703419af9a2cf4c95fc3fb73fa0

SHA512
9733dd9bd66d14bb8677cff65528edd732a83559a9a99bd43ac82fd0ddbf1fef4808ed3446f1da25d33f3a8fc0da76d7da5362173d24415726d309b12ab73b26

Download Submit