ef5676390440b1f50b528471bbb9558463aaf5ffb2e75a7fe17c4d9f8dabb723

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

411064a56eef3d44ddfe4c22e894526f_JaffaCakes118.html
Size

139KB
MD5

411064a56eef3d44ddfe4c22e894526f
SHA1

f23614f6d3fabc5a2202d1934ee12c1a0d1667de
SHA256

ef5676390440b1f50b528471bbb9558463aaf5ffb2e75a7fe17c4d9f8dabb723
SHA512

612ace9beffa095f9314ee894b75131005913ee061fe9a7d1d84f018d6171b15722b1a4e17e756497adbc4d366c8e0f5821d7c2385f17fee6274b697fa414a51
SSDEEP

1536:SENCahjlVSdya7lxSTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:SEumTyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
4564	msedge.exe
4564	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 3916	4564	msedge.exe	83
PID 4564 wrote to memory of 3916	4564	msedge.exe	83
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 4592	4564	msedge.exe	84
PID 4564 wrote to memory of 3304	4564	msedge.exe	85
PID 4564 wrote to memory of 3304	4564	msedge.exe	85
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86
PID 4564 wrote to memory of 2708	4564	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\411064a56eef3d44ddfe4c22e894526f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad15346f8,0x7ffad1534708,0x7ffad1534718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,18036441804207719908,433110374221015212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45ebe8d340422a71f5d432cd4ffa4dc3

SHA1
ca017755af97ec680a1fa9cf0793eba6d3b45564

SHA256
40ea220e1eb7c6500f62c3814879aebfad3796a24f256069560b902883726e1c

SHA512
cb8e628c5c148d79f9ed168533760da3cd163d893e63086ad0db540131967fb625fa2cfa6d807de0a3ad2fca4e745a40f216101ba563aacc1ce2cc835fa7e0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a0efffeea19b1a269d2d7733c9a132e

SHA1
f7331c4a20d0793acdf5ab81fc2f25c81d2b09df

SHA256
5b5c67ffb1800a2ea572d00e289d2aca3003d839f7e18c4c0653e7280aacf444

SHA512
da497810685ea0629fd7c845dcc89c5a50acc3cc970b49640e3edd748f80b8d9f2996679aee2c4983df68c9ec1d6ba0a0fe8878678e215a2145710589b3a38e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d323e24ca2ba5881e0f9f8fc3898dfa

SHA1
87856ce9931bf798e93955fae046c584ad8d75e3

SHA256
e2b9233dfbf63b4f160b5f765d4c4adad542e5e8e00e45a26a11d171ed48015c

SHA512
5ec60e2a2b8ba40a5cfc4cf331a0244f80a0af715df994961f7b7846fa92a63880cad1920f4f6d832f0b862053065968160f66f6d96d8a047aba46a72b7e176b

Download Submit