279264dbcbcba76d06e69fd5612f4f1f6ab2a91776d00acbd63ac173e77ce9ab

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6242fea2173f2525cbfa4eee78b2e04_JaffaCakes118.html
Size

159KB
MD5

c6242fea2173f2525cbfa4eee78b2e04
SHA1

1e6b4ba337bf3455281765cf479982db64016123
SHA256

279264dbcbcba76d06e69fd5612f4f1f6ab2a91776d00acbd63ac173e77ce9ab
SHA512

fe18e2997d06f96ff576969df83a7244b99f6751abfbaf7f0249191193cbe16c83ac629288d3ff097b0b4a207c702b9be5be95f93ca18d04aba61c684d2bf060
SSDEEP

3072:fqx9UcjvG8rMUcXmNRS7vaCCSZi0od0439IL82xc4K4vRmrFUkxxmZtuI:f4GXmNRc20KbhI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
1776	msedge.exe
1776	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1516	1776	msedge.exe	82
PID 1776 wrote to memory of 1516	1776	msedge.exe	82
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 1876	1776	msedge.exe	83
PID 1776 wrote to memory of 4016	1776	msedge.exe	84
PID 1776 wrote to memory of 4016	1776	msedge.exe	84
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85
PID 1776 wrote to memory of 2108	1776	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c6242fea2173f2525cbfa4eee78b2e04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe1146f8,0x7ffafe114708,0x7ffafe114718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5910985401417428297,11939894509519222790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4fa413c4-2475-4da8-95bb-b9fa066098db.tmp

Filesize
538B

MD5
bde4f325dcf9d1c318115a595dd507c1

SHA1
cf22bdbe904d07dd227013e4760e8cd942da86e4

SHA256
394750898e9558c4fb4eb411ff967af3d76230ad1976b86ee2104c9c003a71b8

SHA512
df02a60e373cfee7a93418bbcb31857fa452c6f74841a9e4b8283968d38da7d6fcbdf6bd631bd527867e0b1d22353e80230a84a746426faa8e9cb222d9b8f32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
57e80a50b6beabe0b0b2d6812b5d4f6d

SHA1
65f9b7606b919b9c12be9a62fb025ab5c25d353b

SHA256
9e512276cb399a51f08f5d1d9d2c861c3061de7ee566158ab10229166adecff2

SHA512
ecc1dbca1399156da720935aa2711908c08666b7dd963c90bc600450a54394898be8d7459595867dd98aecd3fc22ef8c2d9a6d966660cd59ece299272bccfbe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
245f683d59fe09b3310c28907e53f5ce

SHA1
34713b442b1f542e9870c2f50a5500618de0db84

SHA256
239c8737a5fec39aa07df4bd04083611c8f4d6f9dfc1a4d5e058397f99cc125a

SHA512
448aaa08b65fc832f18a8407d412937d0432730c754bbfd2ea73532a4305c7cd896a4cd1161b4c9d843c5f78aa35728ad70984feab14e80f4d2d24f16e08ad91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08ed67ebcf28b424548454326a532aa0

SHA1
1ced6676ed708e7fe759a7db317d23447a1fa356

SHA256
372954445ec5b154ec8be46123d30dcfd040cde44c64627fbb48c08a8746db79

SHA512
ce4b11598b302f581ca04f7139a2d38eba7f04190ab3f24f20397f792ac51c6c56d7b9757b70b12d6f8b3841ddc67f7f80f9f4abe2499e24460bb65a7f168c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e31c.TMP

Filesize
371B

MD5
9e29f7caab0057dcc46ce2bd5fdd7166

SHA1
17c9964d9f1aca47d50a6c94fe214970a06efb48

SHA256
83a7f79cdf2fd29331a16a55f8c75dc5505e676503d31668c5e2bc11b6985957

SHA512
334dd997e1a53488a0bcddbed0daef53d3894e8e3adcea6cad94ed0103a8272af8db83cde2c7ff8a7b98c1b808f801617ae3e7c1a5e00f60153f2d4e6fe790fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55a94a8c314fd5613e04106224585487

SHA1
085f9e24f2e81b48ca98d37574ccefba97941863

SHA256
89cea3e0885f73fe9b952446f07f4e4f62b3c8c973faccfbb6cf10fc2a3d4d38

SHA512
d9ea47cda5af423072dc9204ef227b36c4d2dd894a76a8b9477ea314b7424558d69c044fee4b67b23211109ce5a47a6ddfb98c18e9948264ad0a532fab716dd4

Download Submit