bab9158bf636415d5c46977cae196b717ce5543f88b705774cc5f01e69f0e27f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5068672bfbbea631588a9b180c95137_JaffaCakes118.html
Size

2.3MB
MD5

d5068672bfbbea631588a9b180c95137
SHA1

5fb11ce040bd83f5a357a10ba12f16df5510b5ad
SHA256

bab9158bf636415d5c46977cae196b717ce5543f88b705774cc5f01e69f0e27f
SHA512

5cc4a9a1ea40e38f403685e5786360dc2a614a241af1c510fa6f6622bd660bafcc4d5d66c4a19a768c74e1756ed4aa4bd9022a2d7f20b52a6db98774f923bb6f
SSDEEP

24576:/+Wt9BJ+Wt9Bq+Wt9BP+Wt9BX+Wt9Bt+Wt9B1+Wt9B5+Wt9Bi+Wt9BX+Wt9Bz+W2:E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe
5072	msedge.exe
5072	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3184	5072	msedge.exe	82
PID 5072 wrote to memory of 3184	5072	msedge.exe	82
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2904	5072	msedge.exe	83
PID 5072 wrote to memory of 2560	5072	msedge.exe	84
PID 5072 wrote to memory of 2560	5072	msedge.exe	84
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85
PID 5072 wrote to memory of 3236	5072	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d5068672bfbbea631588a9b180c95137_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff9108946f8,0x7ff910894708,0x7ff910894718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,4696214650047629350,4381685978252980081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
18c5cc24ca725e84f733e15879945db8

SHA1
defda4519bc8137208e0da28269209881a1455b7

SHA256
aa3cc1aabfe33e24e15b95aa2f32630f5892543ab2269f3b210e6d93c35037e9

SHA512
5c52e61fde54f630fb2c552cd088130b75aa95077ea3d2544253597972413587d41d48d98c4c215f810ce8687ebae8c8cb796dd10faed539380883fb03546669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f052478068a6eac469c451b7bfbf60f

SHA1
0c013378146a75a8257f5fba2ffb50e408b4831c

SHA256
d99e9c6e721bb1087de4eae3f68913da94021198460a362e79c37a12777eac70

SHA512
45c9e400b531bc4acfd02506817e365f13def956f615cc23828cb33b245b27ec56d3775714c2b5e9ca9460882272bea2ec43c6b6a5603074fe8f95f46808da37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ea1e2c4b28f20a11aa8c62ba6593413

SHA1
d9fd5f38ca6d727d0688149c8dccf57d2056f024

SHA256
33c6910cbc9f60d16b0da3e3756ad0179b9ce2d3e4a5f65b470cb881a787a5ef

SHA512
026a379ab7df6b8e68d73d1f5cf102fc49cfd1dd6b5efb820ccb6cabc6b8c8bb2e3d32baefb92f31fd42bff0cca1d01ae4db70d688ab91e46d89fd0baa19c08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dee35c8cd12d69d7b8ee7acead7757ff

SHA1
41a63abfcdc0506a44f74780419dd067dfe3e2c7

SHA256
e60b5589ae8ef8d56f9902cabc52fc238a16625bab15898749b303feae601e7d

SHA512
f2d8eae792249a946dc9ff0aaaf751c513cbf1354ad0b27ecb4737975cf1f52705aa222cddcae92606686f7b786f3a27f3687b92338f87425b9aedeaea58b686

Download Submit