0d102f975636ac5c63f51898425f1288453989ec99c77f3ec87f906b28929ece

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e37f53b3a87ac78de0184ead05d59dfb_JaffaCakes118.html
Size

124KB
MD5

e37f53b3a87ac78de0184ead05d59dfb
SHA1

dd83498412b92f9e17adccbee6aa930a77a17a94
SHA256

0d102f975636ac5c63f51898425f1288453989ec99c77f3ec87f906b28929ece
SHA512

7e5d1bbb882b59c1ba5e509e4d8b755d8721cd9a6eb10d053b9c3a0bf76525680dddd957e29263f877e5093233c67293a50e9e26674b1d2993d9949284a0b808
SSDEEP

3072:sv+ayTh5yht0LodXhynbQoFdmXx3zt3RZUjCDK/tWTO:cSbQadmVzt3RZUITO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
544	msedge.exe
544	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
544	msedge.exe
544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 1956	544	msedge.exe	83
PID 544 wrote to memory of 1956	544	msedge.exe	83
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 2056	544	msedge.exe	84
PID 544 wrote to memory of 3916	544	msedge.exe	85
PID 544 wrote to memory of 3916	544	msedge.exe	85
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86
PID 544 wrote to memory of 5072	544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e37f53b3a87ac78de0184ead05d59dfb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe814946f8,0x7ffe81494708,0x7ffe81494718
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9073282094814018143,1066592281284616253,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f7ab1ca5abd3938f44c2c5c9ad8ebeb7

SHA1
4d84f3f003222af3e059cfac6d5dc47709b5da20

SHA256
aa6ec6bd3879a548613237d043b3da2dabda09889d317f34e54ce3b3f02f2879

SHA512
a4ce1b116938b38fdd45d19071f35bca9aa14dd490d7f235633e04cb5b22ddade2cbf9ea382858c7eade2d6190a920b0a1d218edeb445145a73edcade03614ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81168be9624c6c235c51cdc64d0f1cbe

SHA1
efc82bc9cd99446e999fefef817266d2064c5e40

SHA256
e17ee0abec48389cebe14cd50493472f5818e2b27bc92fabd75365c6bf535761

SHA512
0a3f654eb7156b0d4adceda08ab38bcb0e11c1d98cabf09e5f654ee61cbb9abce5d259e6619c6db2d42b35057032746c07796f764fd4de9b7fe071a3cba13489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f84603f79e9906797929ce2d07dfb2f7

SHA1
bf591ef4e92fa67d44387ae5bb47dddd4d543e8c

SHA256
55396a740b3cf78e063d9c9e5769c10dbb22d91729a03fe888465c4585245de6

SHA512
86c1f99c0da0dffa947a13d9bc03721de8df745f52915e7f75ffdb0816f797b3776021f011865c4825b093c44784868323a2f7bb058bae07b6929e3485dc46fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b2734d950be044795b8b42bc1d934b2

SHA1
aca003575af3d15b33c0ac95b6d89ff34dc68b2d

SHA256
e20c21c3b74575753ebc0158e8a48a3e27b0f3b68b58a76c842c1ab34fb06281

SHA512
77410b4f3e9f174e7323aca443f81df8b259d81d92dfd23ee6c31a89a2fccbc790b9ec23b3b99980c4be7c6b18eb578fe1d62a3a5677206aa6dceea61f198533

Download Submit