578da288c80a3cb87d650054f16d566c704b84ad308041fa38686c25b7f0d555

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bebac414a1b241df54fd4c9096015696_JaffaCakes118.html
Size

156KB
MD5

bebac414a1b241df54fd4c9096015696
SHA1

9da4cff2d6f15340075761d797c88aaef2dae271
SHA256

578da288c80a3cb87d650054f16d566c704b84ad308041fa38686c25b7f0d555
SHA512

ab5190203f3e6726778b10fad332bb2ebce5aa5a1d41cb75a42b92e98a053eabe1df83a962897c48cf7b14d563751b02aefb6eea27a0595c8f57db8f493fb17e
SSDEEP

3072:f5x9UcjvG8rMUcXmNRS7vaCCSTi0od0tomg0L82xc4K4vRmrFUkxSmZtzj:fjGXmNRG20mm6xj

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
4040	msedge.exe
4040	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4320	4040	msedge.exe	82
PID 4040 wrote to memory of 4320	4040	msedge.exe	82
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2764	4040	msedge.exe	83
PID 4040 wrote to memory of 2244	4040	msedge.exe	84
PID 4040 wrote to memory of 2244	4040	msedge.exe	84
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85
PID 4040 wrote to memory of 1040	4040	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\bebac414a1b241df54fd4c9096015696_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb171446f8,0x7ffb17144708,0x7ffb17144718
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14432843912358429916,9513792526083130012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6a960ab602f4da2f2fa1ed0d1f1cde7

SHA1
ee9c495139015e89e2562787d2827a5a9ced6a16

SHA256
2a0030864fe9dd977575b859c4092c9fe9a864bdcddd77eb460c868413c37f71

SHA512
a937cec50f3b00f975e585e15f8dddc3806871f91f9faad4cf48373f0e6eea63ff27c93d8f770aa985aada13e239efa6f7464d22e28cb2443b1a34ea4d45ddd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c5a62a3d91dc44cf0835bb958a344c0

SHA1
5b82b1f3b08b22fda83d134a0d6e0c652caf8349

SHA256
c2118ad6f34a9371459ba78a148b9eaaeb635f13c4f4dfce296f8282ff7a4f03

SHA512
ab1c732c86defc05a6e55cfd85ed4598823fb66a2a8bcee3e01d76693633b880ba6e19cdc601bd0e0982e99d0ab337b04a1fb10567aec3cd6a0de9a790f4d2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65fa0064b106e34fcf02075949e0be26

SHA1
efdee9fede832c78ab9755398f7f40be1a0afc13

SHA256
ceaca71dc562dda17e08cd602d22687ddbc7e60c2d625038ebc6cc5f8b4cabd6

SHA512
3f11dc0406f4ba457abe15f4a007e61b45d9e94ea31328ba8efe0feb26a99cc3a8c4c30a2ef46f9e0e5d424734ee573c72caa9e88ea8810aa152407145ce1af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ae13c593fa0bedeed1d763217dad022f

SHA1
ca9bf5c122f45de184804a81853fa8ce07da46f7

SHA256
b9bf149c2a09595aef5091ce522ee244a49650063f91cac425c210fd14b2cc0c

SHA512
f482892fa5e93c5f0447ea46201efa7a27e213367ce8202dabd8ddaa6460bd05e5fe5efd2191d9b4b78587db5fc90c82872036a0900bdb7dd94f3a7049aa1efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580896.TMP

Filesize
371B

MD5
6e0c7813e8db77c8acfeaf02f68da55b

SHA1
c36716a2b793187cdce633114ccc257dbfaaa04a

SHA256
8835143f2af65c8334cad529505fa7145f657ad2988c1b996db8d445caf5e5c5

SHA512
9a2ca4109f912280a07dd9c24e17d486d8a55ca699823abd65a057f2730cc2b33086b1ff9bfc291928ad51d3ac5e56c6eeed88d281bc655f61f79fe243bb2584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ec6d534be00c7f52d50fb5e3bce2ec7

SHA1
f30b0e47be4422e12376012d0f18894ab27c7b1f

SHA256
ff66c813fbd0816a61cfa5866b56e3763e284370a75489dc510d6a3d21ea3684

SHA512
3fbd76d42d89382a2341f32a321ef5f0f5a2fe9840d2824c410c64c76baf5e65f03770c3378b40b330d81526cc56e4fdbad5a2d7bbb7edc076114bcead361ca2

Download Submit