ae58c58b0f333154f82fdeaaa4cfba218c1fb59c7913813f31705071b798e980

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a14ee4e916f1bd57381fd212c033434_JaffaCakes118.html
Size

13KB
MD5

3a14ee4e916f1bd57381fd212c033434
SHA1

a0777bef0a4b41286f7018b1eab36214328c71bc
SHA256

ae58c58b0f333154f82fdeaaa4cfba218c1fb59c7913813f31705071b798e980
SHA512

4ce9418bfe49a482facfbda687b07f74f6787c3cb8085edb7c992aec40de2fcc19af66b7d740a7594073043026aa33e47de5a6ddda37512122177750e25d844c
SSDEEP

384:sdlIcPVCjt+/gudBeZ+nyXluV0PVzguLZ:agRc2VxLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
4144	msedge.exe
4144	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4916	4144	msedge.exe	83
PID 4144 wrote to memory of 4916	4144	msedge.exe	83
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 2400	4144	msedge.exe	84
PID 4144 wrote to memory of 704	4144	msedge.exe	85
PID 4144 wrote to memory of 704	4144	msedge.exe	85
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86
PID 4144 wrote to memory of 2920	4144	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a14ee4e916f1bd57381fd212c033434_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1332 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,3294080723806032066,462569833994527205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5e0b5e53dfa47e4b250f36abf013245c

SHA1
cae24530012d6a988e8d7e05037e099b249d2ede

SHA256
04b95cf269b870cbfd0784c70891de336059ec6d76eb4438f616c1847f5e76b5

SHA512
e438983f21faddb1ba119d5da59c18251bf17838cf139963ce38ab1451dc3b4a7ccb6590d0e10f410c8c52880802d21d9d1993e55d7e9dda2d41b248036a119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
738a36fc23ee35c56fc538f8cf88a55b

SHA1
a77d7eed7139856f3a2f9b97fc4ff9cf013880b0

SHA256
3e8f30bcda921023f8a853b546ff4f92e2bd8cc620a421f633d9e4a14f86f6d3

SHA512
9edc45de1ff617057edcc92702ba43378c3a0d5028bfe789673cdd1f8fec5fe4dd394900e59ccd6f342b9c3d251c8e91ade1bf4763a3d8699353dee11237f02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c543fad6ce9edad9866f928c75cf0ac

SHA1
474d672a842a2fe1cde68665ebdce6b4c9b99cd5

SHA256
51beea4959d573ec31306b8266c0e151c6700f9f4731d54c862590b5621e5ec0

SHA512
123cfc2fbf19671225e5f80e0a5e18fd9acd4dac543fb00a7a31f53ece966041c98a00e8ba9aef027017114ef9bfe1f670b68dc5de3fd293bde4b1698777e78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22a23ccd9abb59cf985ad6f1a923ea38

SHA1
a70d47e3b4290c4aa645699ce341fa4fd0e5ea06

SHA256
cab41b2016f5d2c565e47260da6e51dbe6254fb5337f646413d29dd0ce2237c5

SHA512
ce6229fed8056b4882a51f8c6301b761847b0f5ef50f3710974731ebd11a84b16d9aa2d82bac5e33fb02df6033899fe89b351e04d8187497a452ad603a503203

Download Submit