211116e7b59afc8b8f07865d62f88b9fdf24c1bcc848832cd9609a3dfe06efdc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b41c607eb7cab34b97fb4657cbaabf6_JaffaCakes118.html
Size

105KB
MD5

3b41c607eb7cab34b97fb4657cbaabf6
SHA1

c88b30371651937eb54acdf9fc6301a8c7b50495
SHA256

211116e7b59afc8b8f07865d62f88b9fdf24c1bcc848832cd9609a3dfe06efdc
SHA512

ab1d409a5f2cff21fbaa92798f6e6b93135a33db74336bf1cd382a2f0caefad073ec5b6b6b8bd2dbd0755a921e29d9cd41f43e83b372ab23510eed0e805bbb0c
SSDEEP

768:qk4pHvvCIoo7omg/7idegP/tijYAD6c9h23dBWlFZXp0iT:qkIHv7oEoHAegPIYo6c9h2NByFr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3928	msedge.exe
3928	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 4828	3928	msedge.exe	83
PID 3928 wrote to memory of 4828	3928	msedge.exe	83
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 1696	3928	msedge.exe	85
PID 3928 wrote to memory of 3680	3928	msedge.exe	86
PID 3928 wrote to memory of 3680	3928	msedge.exe	86
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87
PID 3928 wrote to memory of 3504	3928	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b41c607eb7cab34b97fb4657cbaabf6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8314689459419185248,2226899606970501977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
68c8f5f47c389d06cbc5d32c57fb3e18

SHA1
41b746b156b272073071d714d2ce724f1b99a977

SHA256
47248029fe80834b3972a854c405369d10dbd960db8c3afd8f209321a1028550

SHA512
1a64e606d8ca43167de4568dba1e8356f31d7a92b80b5403d0bb1fc7880d5add756ce3d50dce7612ee8d0f3f8108e265534e4cb6458ae3c04fdf8bc0e2c7ccc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5d0c5bc9774f8cae21880d4d2ef4afd0

SHA1
a374cd9e72fb109ab84846561054fc23109ff8d0

SHA256
adfab3b06b1cca1405348b62578be6454ec5b44d3845b35ca63d7c7f985d9ffe

SHA512
15234061a937927bc98958b89c4944e804d8fcfcff5cdfdb85e1fe063583f4e5d9856b6d632212b66217685db2dd1bce36f061aadf46ba18c9ecdb672bc05a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e0f191c46769a39fe8c1b01125b6e82

SHA1
8005d5ce9ad87053e89d5b94b0275df7584b4aa0

SHA256
6133e9ccfb41165c73bbc314982ed01583fdb8e07cd79b30bb6f49ed4100d6d9

SHA512
89d7f2e8cafc8c7dc980432cd4b0ab7c6307b7afb69cf9146bfe9af8a20b184cbabc9521bb187c2666767649f5fb18bac7d73a2bdd3374a1c3ff26e76b395759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cc2e1661eb86a2a22d243c84be1caa7

SHA1
6dcec525f362b2e9bdcc775527ba0b16dd4ee2cf

SHA256
9ecc7f41f08faba9da756f3da5909974583874644f3ce4dbff82407395e100c8

SHA512
8e0d1d5593d23d24457fd4b0e409ec6552468b54939334ee5762ffc8c1dc74ebe3d45be1605f60c57a69cb4d0c02b1adb1e46c7bcb27da0cad6f53b5fc0f2620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b466047aea1e97b85c55e5a7054ad35

SHA1
6a0b7e77ef9b1aa61966608d3e0d30fc8b73e119

SHA256
8198dc219f17c9eed8a99d46ecde4635dc21a27d93dc6da7f79ba518eafa4938

SHA512
bd753cf94f97e36f3eefe181abe774b9f1feed3cf998fcd9a107bf6e7efaee09df8d416ec2a59b87a2e66761126589247a4829645d5786ccf83dfa06ed346805

Download Submit