37417b4e120a603b9bdc6c287414697685185db419b8d7610248375da3d78f98

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce37259e9a0969b66fb3898465bc2640_JaffaCakes118.html
Size

268KB
MD5

ce37259e9a0969b66fb3898465bc2640
SHA1

aa51cd301500186de47a4122e113a2bb3ae2ab8b
SHA256

37417b4e120a603b9bdc6c287414697685185db419b8d7610248375da3d78f98
SHA512

6297e23875ed8187b31f3c6cd51bfcf739221e0b6ffef15fd1020fd8ab8b82da30a3048dbe4669c06265b23b41c29f30aa58375a5017dd9b6393728277986745
SSDEEP

3072:RuzrxIn76rV5tPYUC9wuYqE2fauWE2z6MrkPuKbx:RuzrL3FRfa

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
2364	msedge.exe
2364	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4792	2364	msedge.exe	82
PID 2364 wrote to memory of 4792	2364	msedge.exe	82
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3228	2364	msedge.exe	83
PID 2364 wrote to memory of 3972	2364	msedge.exe	84
PID 2364 wrote to memory of 3972	2364	msedge.exe	84
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85
PID 2364 wrote to memory of 1164	2364	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ce37259e9a0969b66fb3898465bc2640_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c6c46f8,0x7ffd0c6c4708,0x7ffd0c6c4718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1562595717085954125,10192542754988016948,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3ab04f0f-f1f5-460f-a8c5-54133a21e2ba.tmp

Filesize
5KB

MD5
8fc4ae7cee5fdcf723d6c7171e938a3f

SHA1
29348081fa53f88fcc34fd4eb2f3c49f99c0192e

SHA256
a3786b603b16b9298827d192a939c332d1ee62d36800669cf3debfb1c968e5f5

SHA512
c2b5d50a0ac44a4969fb83ee1688e8be540b043fc5e5b0b12bee9ccc9b691861e28f18bfab57004619a66e7556c8683a9fbcec93ac02d62672a5efe4469e4713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
5d01c955cae357a8176ffdd25975a564

SHA1
dd7faaa21e23d70f2d666e9293752dca29bebd93

SHA256
181a4fdb94d304c80977fe4596973b23b6a6c9b0de09f99fc41ddb1fec821bb1

SHA512
7f06374c756a367b6983387728c768e7d43c6f54cd07bf448ccc2925946decc2312ac248e849de8fdf541fd9a0e1178329f3f8445cbe51e903f0ddf5b667271e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c407afe21d91aa154b6c15083b826d40

SHA1
0f05ae7ef137a4b3d858ca7c89cd57bfd45a1aab

SHA256
876379c3aa01ecaab13f33cf18f0c43100907e52ade1222a43e04923362ec44c

SHA512
df5be7da64d56849cd4e06a10d31dec10deddf5f653a2167c8cab6d6dbd5de3a8d9cfebae0e5c3a97f3d317a603b8a90224e1059a0a2cad3a42d9bed02377021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebae24aa3d230f857eeb23e13ae6ee22

SHA1
952badb65f7d3fee5218f86df72a0283df486fda

SHA256
99d8e9ea04502177253cc23747c64fe8347567065d0553a0ff21fc4f60daa46e

SHA512
0a0efd1f30f41b998a717be76828efc58ffa6fd63696009050a0997dc5858473e147797451861cab2b41490c38e9116401e8f101b1ed698d9a32147757d1d5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f86779129d9553825104d786ddd19663

SHA1
aad167f87ea39e5106ac73d9ccf6db705b2d5cc4

SHA256
8a2712098175a7b2a78d9e013479fd62617015f3be00510071051a281de559d5

SHA512
581d1aa6181e0a7f2e993b63f272faef88641d11a0e25cf311ae7adca6967eb6dbb0d47990e5ab4374c16f3dae8dfe07088027fc9bbf8c02076766e07dd9db49

Download Submit