a25e7ca9688e56d2a72268d52c3368184fae0f9297a297c5508a894bedf29809

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4557b4f335478f4b5ebfbc921c3436aa_JaffaCakes118.html
Size

11KB
MD5

4557b4f335478f4b5ebfbc921c3436aa
SHA1

7c5572041afdb1551c4410effa9b77859bb44868
SHA256

a25e7ca9688e56d2a72268d52c3368184fae0f9297a297c5508a894bedf29809
SHA512

98cc647a62c68aad2e9f3d60f72929448125dd64f2b2ce2b01302434b76187a11e62733c2ab862573ea14e48d498a971f1498f6ac20d4e42c65f526ad20cd2a5
SSDEEP

192:2ValIsr0r57Mlx+T8v/w1whqJkR1O5uBuLbdU8d:salIcIQlxX/gGO5guLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
5088	msedge.exe
5088	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4504	5088	msedge.exe	84
PID 5088 wrote to memory of 4504	5088	msedge.exe	84
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 316	5088	msedge.exe	85
PID 5088 wrote to memory of 4872	5088	msedge.exe	86
PID 5088 wrote to memory of 4872	5088	msedge.exe	86
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87
PID 5088 wrote to memory of 4236	5088	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4557b4f335478f4b5ebfbc921c3436aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83b1346f8,0x7ff83b134708,0x7ff83b134718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2400806594264452537,8882407822329800093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ba9e9a1db8ab53951c89a1ba0c80f794

SHA1
a4464df3e3dce55d27be0f35ca39352a0ea3570f

SHA256
1bd17fe6254c93c6c3a872da3cbf309757490c47f2bc7a81aa1808797de17f9f

SHA512
9b4386ffbfc1d60ec6474e560fb7ac0bf014068438605fc358a0a36192561b009ffe9b090aadf2e4bcc9934ec8b2dd8512ebd751b54b7ad53b1a7f0761d31c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3faacef8d5c38afbdeb3a3c625d52ae3

SHA1
b231612b14b27e360b402ca83b8fba4167fe15cb

SHA256
f5563ca453e2ff9639677b28da9f7ed00184535b45234eb7fea96bce1b3e4f13

SHA512
4f3c982b9b3c9c96384098c6a0440e10dec94e73e209776cee98a9ea765bd907c51a5f743836742de56949f37a1500f42e8360d1743cf9873bbe7a1821fc7646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f286404ea092f2aebf6f539d83ec9ca

SHA1
2f309912bfbf9122bcb60c85e3a106522a5ea30e

SHA256
8ee367d94a8985922b79e52d1729d8d0aa9ddcd336a5fa26608d8a33909bfb9a

SHA512
d67ce3518ba29e436518891a65480f004a36b06ff536da523197edff34f28633bfb1c31d36b6875368a9217dcb1e6eca677b19c7ec4803787c195ecfd8bed719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f525c40a225f26c79be7955d6f12835e

SHA1
e260e5b13ce866acb79992c31f5faeaf7003f29d

SHA256
e261be0b56d197e2f8d5dad14b0bcc486e5df1bc6cce7c4bddfb394e1175a98f

SHA512
310bd4953bd8fe86785eaa07fa162bc9fcc2fd76fc9de71908b087d390717c69d92c992e6021da293ac9e67f775d26d4a91e3b2d9f7f37e7a2245f57a1dc8d20

Download Submit