f830e2739eb16e71caf30f6bdab47746be09a0ef9a66c360e268281a25f7ca48

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95b7a8513804db0e344627a3592aa979_JaffaCakes118.html
Size

116KB
MD5

95b7a8513804db0e344627a3592aa979
SHA1

91015a4920fbafd9c56581f6207d89ae3a838d64
SHA256

f830e2739eb16e71caf30f6bdab47746be09a0ef9a66c360e268281a25f7ca48
SHA512

55c52ab1511fab19455ee43a1385e2960f6803bafd0a127cd7f1e7d4a9f4c45c58ace5c316b0fa3f2e1be9685cba140a0b461cca7a6776d17566e287b11bb3da
SSDEEP

3072:CCylodoh2vXiodohXBFl9rGGCutM7t7td:CfP2X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
2544	msedge.exe
2544	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 4716	2544	msedge.exe	83
PID 2544 wrote to memory of 4716	2544	msedge.exe	83
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 4612	2544	msedge.exe	84
PID 2544 wrote to memory of 5068	2544	msedge.exe	85
PID 2544 wrote to memory of 5068	2544	msedge.exe	85
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86
PID 2544 wrote to memory of 2600	2544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\95b7a8513804db0e344627a3592aa979_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f2dd46f8,0x7ff9f2dd4708,0x7ff9f2dd4718
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8674914439123300216,7171927276555439411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
973B

MD5
7ead7a94c323ee1b8dc7523bdd8c7f5c

SHA1
79439feb3c45f41efb7c2c62bafc78ec206a33cd

SHA256
b6b7473c397d1b32b0a78a9fc402ca3585d507b6f29de1337fcd4c2a70485474

SHA512
252daea4dbba4e042e4e4ba85d3218e70c55a71d01518ffe1e36e0086d24dae52d80c913724ffc3ec43ef8127088dfb03040e3f4e2eb4a8c27c67e3b58b5dec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
2e2de931f83d8880575d2e3ae848db99

SHA1
819b0ad6a446dbaa82d2437782ca3340c0de07ea

SHA256
a7a97068d6553310fa0a6c9d87e59e41b47cd6b4628569d073df41fbdfde0799

SHA512
22e50406573bf687857393655f92b740e4810b555cab1575153b7ed593e0af964b0893a31a0e4ba4e8f514e99476e66c053082cc5ff14c634dfdc75b3414fbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49009dabd44a62cc2a01503c71efa02c

SHA1
b54611165664fc8f8733d99db05febabb166fab5

SHA256
ce5ed7c605b1f56deb3055ff628aca37eb42d89798ba65d79af3f17703a11939

SHA512
0e1ba2a6bfe016ed7a8a8553a5419523fc34d270f643a67afb5b08a9a1c827c7a51f8bba9f569a0f662b529035309743fb6bbf36e6f707900ee4469f78ebdf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32eee7d3590cce4e6be7ee6220388625

SHA1
e580696597433ed0695ca46738c9dc90d4aca289

SHA256
7d76c0e75dc524557eace9a53fb9c42a6c14e5940a9fe91d1e2690eebc4d3fd6

SHA512
c03c01ef32c881d7d229162b86aa4846d28154b47c421d5b39fb5fdf06b67a21f5c86fb8456ab6aea4d0ec918c33bbd80ff0476ad81badc757633e7f5e31a43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cdd193e2b4221643b12c7fde2bdfc4f2

SHA1
d12cd928e18007d458d791078c6454c63ff629ad

SHA256
1de5087e0e86eff8dbe04462abf50d349febf415bfaf1a83c052a1bdfbd76723

SHA512
a3ccdc94038b107722f0dfc062c75425b61322048383bd3ee49b22ebfe14a6ed60338211344ee2e5d6930dd1831c0d16cdeb25783f3d5b13ff7017ec557430cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d552bd44276d01a27c1dd3e7b279c5c

SHA1
d00e21b8961262b9e8521a3968e6b06c267fc395

SHA256
7ecebd1ec43d63e3802720221e5dfcd5f5d0ebf9a0ae8f81e6fe6308cedc6406

SHA512
0a3dd0549cf277f0c969b36ef55d5c62990c035c3e8138bb7abcdcc1a4976a29d7efaca6ad872390d364c0472f6dcffadf6c94910b054bc2c928e92f37ae7bdc

Download Submit