bcc272f036a66b5732e16aef2fc6b5ce2835303a13ee4dc44ed7c211e73ed878

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9e775ab58c802f0133806015a579e74_JaffaCakes118.html
Size

126KB
MD5

c9e775ab58c802f0133806015a579e74
SHA1

989a997380fdf4591075e3bd8cef9a7157452c85
SHA256

bcc272f036a66b5732e16aef2fc6b5ce2835303a13ee4dc44ed7c211e73ed878
SHA512

c7de89cea356968e0f60942f077bc37ce39e11f338acdea883e1861e23a2b12fb9eea06e29f71d1450573fb09da512c6ed21dffa873ca6dcf23404ad2bd020b0
SSDEEP

3072:mMAi7zIBL2qeRpjCp6kDxBiNXi4bdZcMtlcjA:mMAi7zIhXCpCAhSjA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1636	msedge.exe
1636	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2008	1636	msedge.exe	83
PID 1636 wrote to memory of 2008	1636	msedge.exe	83
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1600	1636	msedge.exe	84
PID 1636 wrote to memory of 1128	1636	msedge.exe	85
PID 1636 wrote to memory of 1128	1636	msedge.exe	85
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86
PID 1636 wrote to memory of 1140	1636	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c9e775ab58c802f0133806015a579e74_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0cb46f8,0x7ffff0cb4708,0x7ffff0cb4718
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14759812051888566810,17521064141394970111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:60

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
601B

MD5
c8dd89442ebd56aa3edc7cb5b965044e

SHA1
825c61830bce8c619c8a7b1c4ae9dc60e9105a5b

SHA256
3a9db59b349c65d19e861bf062b4849d4d2c5025a2b5e9e3207da18268b50b0b

SHA512
bae1817a0f5406fb99ac831fa7d7c158bb5fc71178257a5fed3f160d12ca652e62858dc9bd009c667552a67312d144c865517b81f2692665c43f31cddf096738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
912512e7dc6d59e249d1ea5b1af0cb0c

SHA1
6c1a50f595584b4160b37633c9a6e4c1ecfeb440

SHA256
701672871c28a0c724e8758c210c41ce0433a1a912f53a01f4dff16c4a9f44c5

SHA512
21a9b80b900a0c3dd831685c17ca29caf24181a20035080845896a1e42a0bb51115db48c069b72d0d5f45b5321deb3516894e105f0ce48bc01cbee10fcb6965c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3167bc2c18da21af5cbb040e20cdfc7f

SHA1
bbf86804b6666e7837e082baf7b443a370c789d7

SHA256
7b718e4d77fab624e04d001d3fece7799912c6a1d74baf92096ee6c13a6dbc23

SHA512
a72a460480ba2eace9ae4e1831375a281e0499ec9f6c560435f5964caa2e59356c87faeb1c33a46bec29bbdf0a3b0386a4fe45a9bae205d79dff2798a8a8b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08d8c4caf01ae3dd014d3c0b0a1dda91

SHA1
068c83ca7ff5c930d56ce813bba3fd0c4f94da83

SHA256
e564719e12cf9e97bc2321a93189ed57b0ec8c2ee2e435c8f06b57592fb9cfe8

SHA512
6c551b961377b8e59f3200b51bc55e7359927b40e09059b81bfb16c7fa5bc40c418dabcd1060aae909937bed4aee5c28817efc377934d64c812d224d2f0b30c6

Download Submit