f7ae26ec080a2269b047ad6771a743864076c6056ef09f6826e2e9ecaf1f883e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92ff1139b1abd2b885fa5765c318db26_JaffaCakes118.html
Size

156KB
MD5

92ff1139b1abd2b885fa5765c318db26
SHA1

73d2e3e6e99e7f6c99a5b1c755981c31ddab8d0c
SHA256

f7ae26ec080a2269b047ad6771a743864076c6056ef09f6826e2e9ecaf1f883e
SHA512

d23b41c8fda98e14c816dda64d031a88253850df293c6f0fa7430c16b7745db9bc69eea4cc9e905dfffafaf337ab6e7f3d1b4ee1d7add1d11c5a1ada0109c02d
SSDEEP

3072:fIx9UcjvG8rMUcXmNRS7vaCCSIi0od0n277L82xc4K4vRmrFUkxDmZtQU:fKGXmNRb205zU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
680	msedge.exe
680	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4156	4320	msedge.exe	83
PID 4320 wrote to memory of 4156	4320	msedge.exe	83
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 2372	4320	msedge.exe	84
PID 4320 wrote to memory of 680	4320	msedge.exe	85
PID 4320 wrote to memory of 680	4320	msedge.exe	85
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86
PID 4320 wrote to memory of 4476	4320	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\92ff1139b1abd2b885fa5765c318db26_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9ef746f8,0x7ffd9ef74708,0x7ffd9ef74718
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15830078287739372776,4862202575373490509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
840ef34956581b0231fbcf99be78bf36

SHA1
885a2e148c0804cec8ee942209802d48b721380e

SHA256
46fab76f9b6da5f406259e11d96d5a92ccfc279abcef4ccb1798f2526fea14d1

SHA512
911c8b12c7b4ec1040a42ce656ea0a668d2926130eefa4ee1c5c083355a0290534891105059aeb5c61504214b428917eb612bd609dfb01352a568a3c0fe7a436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb3d04524a335ecf1afad2c5b0019ee5

SHA1
d1bb2f9e3930c57f40f88c45f7686b24ca4e3f04

SHA256
452e19906bb8083dbb811844dc1af50d756fd3f04bd2734f24432cf2dbdf418a

SHA512
cda7cc00a0f5e3dda3b1fbf2bac8ab39a5026a3fef24a47c3d99bf8845b9b8db96a7019c7f5eed2c465e342d4b3d2ba2dbae335c0632f6c9992f08f24cf53008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6a6cada6219d0c90212472f394607b9

SHA1
cb3c211befb225aa147c71e655454ce2994fc7f2

SHA256
2f2d794f69187d73481861d4c1d50b66617e8bfbbcc06a07da6123fce4473671

SHA512
f83a682db2c94de83275e6691f224ab060e3e46dde5bda4694de7731372ae616d309f51b19bd99e8e69bbe87a7255b8558ec3cd9055b2187d2e88e3f08fa4e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
73ebcb9286724975addd266b8719a223

SHA1
349e378e025c17a375f7743c08d8f97df8decec1

SHA256
feaffedd98120c34dcc43355496a6837e18e7c61c192a93c60571890d3b790a4

SHA512
f1e8a3c6d86b8d30182d51cfad0161878fef6d48aaeef6ed2c5233be3aca04755627af9fd567ede513680d0de69acfe523f27731c825d74540c0238506c71815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5e9.TMP

Filesize
371B

MD5
7c543f81c959aa669dff2af85f61621c

SHA1
1cd5821b25121384a05e40a77c4fe30b63fecd6a

SHA256
81c45b47e4525b1b0c290e05c704f0b9582e5cda7469d7832816222b0b69e673

SHA512
f0e20b36b59b7578049c1ba63230a779081d2b7629a25c7b6171ce10657bbb61a8d613e826da95ebe47c6a73596d7288847141561b1d620cc67c82ebb886cc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ea9230f010ded0084c1293ec15de2570

SHA1
1e0e12c1d0e2d1e0bb362fceda512286d1924c90

SHA256
4348ea694232aa170b5abf65ea931e76908af389a5bb31c28ed2b4605c446484

SHA512
a0dce9b850147b374d5e9a0efb157b542a1767ef827af61b8242b0066e98d340b70914357adf026e5dc480350a127673b826c4a1b0e74c654d6eb6e98308853e

Download Submit