bbe3dda4368818ae89777ac582974d9b019096a8d7f1728627ccbb9791e69337

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ad502d0e9180bd9f2ab129256508dbe_JaffaCakes118.html
Size

48KB
MD5

9ad502d0e9180bd9f2ab129256508dbe
SHA1

8d271d2ed36015399606c3d524eb2ec6890b46c1
SHA256

bbe3dda4368818ae89777ac582974d9b019096a8d7f1728627ccbb9791e69337
SHA512

fab11908d363445faa4f651cfc4792301785e1253770cbc791dfde7a244d443d8bfc0d94e89412a9aa39b1ff7a9653da9cb77809126a0a5710244a71413bcd57
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDUo:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
1368	msedge.exe
1368	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3460	1368	msedge.exe	82
PID 1368 wrote to memory of 3460	1368	msedge.exe	82
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3192	1368	msedge.exe	83
PID 1368 wrote to memory of 3868	1368	msedge.exe	84
PID 1368 wrote to memory of 3868	1368	msedge.exe	84
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85
PID 1368 wrote to memory of 1716	1368	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\9ad502d0e9180bd9f2ab129256508dbe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1ad246f8,0x7ffd1ad24708,0x7ffd1ad24718
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,10146810215219414,6225309020003620405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
3980d9f1114703669c9274eebb2a8ec5

SHA1
b5cc45cde926830f146d44d21dd9b17ce17a28f1

SHA256
59b015ecf3b8d512fb1d298a7a81ac1b859ab8ca733e725cf964b655bbc77783

SHA512
6b0973aa7385b6f1cfae5a348faa7d4928c2673e3cf2d0116fad1377d734c94f3e4822efd02390301fd00227193e167999fb0519b0ffe95dc8aae135de9de388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
527fe7f5b623ee400bf681f554a24911

SHA1
4fbe1816686c5d786e19d8163c3454e2622b2122

SHA256
17721949a17e5101b22ce2cb9661f1959b3ab03bdf5dbec6e89cb112b49883fc

SHA512
67c68fadc7a650ae4f2866f44cc2c29419caba926cc687812b7d7d911077b7227ee9a2d7b4de4ae0db81b199a10233f54ffeb54e7bbbd29c066120a45ce90180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e97b8fbcd6d1916a23034706b4e0a05

SHA1
0221793b1f7c4b7fb6d1e23472e747900a078aca

SHA256
1c978d4f599dc6305bc20073c63fdf29a877b3116c12e923878817de422cae61

SHA512
7ab22f69f381bbac71b20ffefdaafe0f8553cb822c86ce5a3965ca15166e694828022d3427060d2dd19b35d30d24b905e9a41c676e975ff48d5bf05c6cc8a4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d14cf568210965e59922afd225ff4fd8

SHA1
16d4875ecfd7f45458740499f5e0c473de4610f2

SHA256
424e54d0f8fcaa0dcf10a528b573fdf535fe3e60f14c53cd41535a390d4ece31

SHA512
4b072d83c17d0c5e73ff6517e53edfe6f89e5bb0f34efe7fc5fa3e3fea9a5c631b304e378943093b9b4c7c327894fb517affb2f4b67ab085d4cb4b077f93db2c

Download Submit