bca31707a2398e9563a0c128c35a93d04594b7a280f72325fc2c827e71414f68

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

971713b09c01c8895e9251f97b40e948_JaffaCakes118.html
Size

48KB
MD5

971713b09c01c8895e9251f97b40e948
SHA1

06b039f30d6a7e76075e401ff0fb04d127bd908a
SHA256

bca31707a2398e9563a0c128c35a93d04594b7a280f72325fc2c827e71414f68
SHA512

abcdc177a753985c873403d82b872a98f95fd37e64c3aa08feb128c3168922c842fc28b2182c0cc087120ce0efa74ea79b7572bb024fef9628b9027a667a8b7b
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDUd:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5052	msedge.exe
5052	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 212	5052	msedge.exe	82
PID 5052 wrote to memory of 212	5052	msedge.exe	82
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 1872	5052	msedge.exe	83
PID 5052 wrote to memory of 5008	5052	msedge.exe	84
PID 5052 wrote to memory of 5008	5052	msedge.exe	84
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85
PID 5052 wrote to memory of 3704	5052	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\971713b09c01c8895e9251f97b40e948_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9b146f8,0x7ffcd9b14708,0x7ffcd9b14718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8548881582416051363,13885810287073703365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
2e257a608ce4fbb2f125d2a930e6c8c7

SHA1
6e56bc9e3b17f74e294d71c3a3cf1ceebb427df5

SHA256
d2fc4a6110d688fbf3d826a7f35fe6fc856fc5904a7ecf8145db5b64a18e248c

SHA512
03bdc14a2eb082cd485c7d78ab7ce37533b989b5b1d5692529a3e2ca4a7cbae34db1f7569578ff0d41ee5ce01b147662acf26c32cf527f9e97531d5e1f76a34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
074229321640b5eb52bc9b51e7568bb8

SHA1
a50e08812d6a74e57f7f4e5c4ca93938b5a893cb

SHA256
ec634b99ad3de4a8561d78dbd8a506a230f7fab6129bc002bab613b2c6896b74

SHA512
af764b4aaf8787eb42161d49dd03333e7bc7039cd71abc1920b3df9549ef1d5d3878b0ca497ed8747808e179a095badefd0c73d5681db2ff34765e870943e3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff4c32a4d5e8613180fa116083dd4003

SHA1
436a58af7e420392a58da656a5ba6b2c8a889915

SHA256
a6791238ad858a7fdb3aef2cbdcf1f317d48e51084a65e75f84f9269500b4703

SHA512
74a7a0069fdca07294664aed7d22c32226dff3a8003a38a14cf429617205dd43a2ca7ae70b1b77502340988c99f6f1fff52e0b401c57989573594ebcdd69dade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bec9c71d2b464ce127fb362a030df323

SHA1
822fecdefee70f185c50f01e6bf09e09bf8a1c25

SHA256
5bfbbd2d9bd4c3fa910d6d2313f42056bde78fcd24db2cded9c97e8b418aebf3

SHA512
bc8f048a3c443d03df268b7952ee3c6c732c065c0ce039ad491afc42dfeeeb0ed1d66f55b63bf00f21cd56f99466446e5fab7e03118593158579e97ac67af614

Download Submit