8f6620419f86e459207c144e83985bfae615da54b14d9eb295a4cf7d48e31e61

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7c925f219d1e175f387d08d5cd6034_JaffaCakes118.html
Size

265KB
MD5

de7c925f219d1e175f387d08d5cd6034
SHA1

771f024446eafdbeb632297fcddf819e854897cb
SHA256

8f6620419f86e459207c144e83985bfae615da54b14d9eb295a4cf7d48e31e61
SHA512

5d5b69db5a3faa83b4d0956296d18d118bcc52fbeb967620b9b82f3642957beebfc68303ff334bcf3c635cb439fbe7412280211e0f379a01c2a95a7bd35a2565
SSDEEP

6144:7op/6t8aNRbUv8YbbW9AaJ+H4C9lKVWVbhy/JRwRXa7/8PH:7opc8aNRbUv8YbbW9AaJY4C9lKVWVbh/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
512	msedge.exe
512	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 1308	512	msedge.exe	83
PID 512 wrote to memory of 1308	512	msedge.exe	83
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1872	512	msedge.exe	84
PID 512 wrote to memory of 1964	512	msedge.exe	85
PID 512 wrote to memory of 1964	512	msedge.exe	85
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86
PID 512 wrote to memory of 2432	512	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\de7c925f219d1e175f387d08d5cd6034_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb76ff46f8,0x7ffb76ff4708,0x7ffb76ff4718
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,697335805634540174,294244527364915666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\903938d9-a2f1-4032-8e99-ad4ba7c892a7.tmp

Filesize
3KB

MD5
dfc56964ba7872a040ddb09510207dd5

SHA1
46a56740c9b57ee4dc06a2d4b39186f3fe5d53e2

SHA256
7a7ec2837ef481e29f1e0566634561cbad7ef34d9a0baee2578c02de7e8439ec

SHA512
60f329ff84ba5b7bdac8c268a4a1e4e01564f41c1b0413d364998d543b2cd654b826fd0659fe61cbcc659f0769156ef82b27283bc0466a8e38bf3c4bc1efac77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c6c2983609191fb6a6f35aae5d11ca2b

SHA1
f0a824ab28ab146819eb8343836f8f7a5609334c

SHA256
b92fad708a3f0abb98a8c8039d0c3e0cde72a426cb440e5adb15319a68ce8ead

SHA512
90c2af29fa0210673c4d48620dc55631e73ff712ff45df3f16480e295eb8f26b90824ee8aacb5195514c5ebdab934a1b6815ff5113a71d550b78ee5f00b3f619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc97f7816f7a1c90426f3ac6562334af

SHA1
0aaad666d152f3a0e2338fe52d7e16ce9f57cbd5

SHA256
ddbb009d8c85289fe9b170f281193494e796c15373a6645a552eb85243e7d7c6

SHA512
f149a977cc266eda37c58bbbd2b9a4fa6261b5d71ef3740ba63fff9f78c71ce76c2285022ce0a8a2ce5c6745bd9d11f784fddc7d410233cc8d13f9341822ef46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0891a515e9245d7f4dd172cfd6586492

SHA1
506d10aba85f415ecc8334d28ce27d15bd578c1f

SHA256
05b2501377890eb992ff5c737791fbb0d53a194dfd1af8e2bb8caa78028d572d

SHA512
3d9a30a37593640742402c7eda9ab716afb8f322182a5ae0aa7d1be873f5c4ab76cd2ebb5496d4c1b92a9dbf9aea0c5c260b6d1123b8461bb5a3bc14ce764246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c07074d64450fc51621efd7a2b57fa7

SHA1
0d963a0b8e558de45d31ba4f3753e56c622bc1d5

SHA256
6291bae15936613a8817d39528a9b01050e0597efacbe91c6b741c065de75bfe

SHA512
c4bda1a75c6e3ca8dcbb0f7928bc186acea1aa85a2067d21bdbf6eec6b156e6aaf237b08a505b1aba008961aa85eadfbbfa11b6df7c3947a4e7f2f5f0df518f7

Download Submit