e91ccda039692ae875d78a4c77d10c4efbdf3f56c684ddab9bd3b2b0e3bc5089

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html
Size

159KB
MD5

debf9eee0a49acad9d989314a32c05b4
SHA1

dee7657ba6f1454cfe854e96ad6f47799b82f8e1
SHA256

e91ccda039692ae875d78a4c77d10c4efbdf3f56c684ddab9bd3b2b0e3bc5089
SHA512

ac99505096418ad7eca73fa7ad2b0b711f60067b4e184e8c0b7c3d1e1ea890e18a0e49894893b4459bfdca7554015961696a0ffb09b5542134d0e61974c15237
SSDEEP

3072:YnzwNmnaklctklctklc7uG/bI+3ikcxklcPEijZeqhZEijZeqLQHQg3h1tUNrc0a:jNrklctklctklc7uG/bI+3ikcxklcPEH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3428	msedge.exe
3428	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 2836	3428	msedge.exe	83
PID 3428 wrote to memory of 2836	3428	msedge.exe	83
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 1988	3428	msedge.exe	84
PID 3428 wrote to memory of 3180	3428	msedge.exe	85
PID 3428 wrote to memory of 3180	3428	msedge.exe	85
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86
PID 3428 wrote to memory of 1364	3428	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe772746f8,0x7ffe77274708,0x7ffe77274718
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d2185f286f35c40efa4f508229e51d4b

SHA1
7ea1630b46228e1c86219514828d74efbc26ed29

SHA256
4b52295554eaa394a607bbbc6a76ada2689996746dff9ab66dbbcdf5c6826284

SHA512
2e175672f22ff910744f05f894716333bceb24f42c491ce4e44ff06abfbcae89d0b6a16a4647fc54990a9a1f34cfc35115ac8f9aeee6144c93e4573f45f0b7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f4c47e8f47a9b424bd6975cd3772c380

SHA1
69446bdf5893ab128351e0ca71751f8b5babc920

SHA256
5bb965c357f097674a5f37ef4309331e0f73d1cc39aea44cc991e2657c6f413e

SHA512
ad9ecbffcf06f6d69ef55dc26f7a697817cd4734abbb31299815eff07c19b9a5d692b33fcea0f694618e1188e17d7f1751ee8bbae4374323ce22c26309576e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6d06117f9b8601c6f654ab19ee904bc

SHA1
4318ecb893453e3fb6322b19dce500201617f618

SHA256
94fe52d7c005736073286099b35c262ea618a3d1049db4ec2f88b30482f809e7

SHA512
2cdc3e6076c76cb31173193c916a3ca133b1de4daba9edb7fe44016aeebf4637a3e97edf60ead1ba4ceeb90a807af885c02c3d1f492c7139376c5a72543509d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d45ccb4c7b99173be288abc90cd8d683

SHA1
05791ddd5ceca38c2ae987a2a6545ee4d9ad65e3

SHA256
4ebb4bcd17c315cbb22a40dbdddeab846b78e613cf4bf16fd2b39cdb63231e0d

SHA512
e1fbf24dee43f829fc8a9e16f747181763835f9b05f88fff94e26e52ba0edd90a022020fa9a5a1389c90e1807e3aafef0489be896c25a4fb40d8a52ab47138e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
219d7b193c2a71adec306ea631c0705d

SHA1
36a028ccc3ae9fdf868ffc7998d1cad6c9a11701

SHA256
f00bbba536c6f3ee476d6d438cbc78359e3de98c28b1d5d46f3fc94aefc73bb8

SHA512
63a7012bcc2e55e97a6312d570904a149b2de201f0173323d4c56ae1289c128a3e5f2cba7dde9aaa50deb83a25812d9e22352e8c311dec4902cf8073d64ccbd8

Download Submit