85ee10a312c40ceb9dd5ba9ea1d7917bf51ce18db65541e9af8b74190b8cce5a

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e139646eae4522b747912230d86b5ae7_JaffaCakes118.html
Size

158KB
MD5

e139646eae4522b747912230d86b5ae7
SHA1

f2ebf42eeaeb2bcdc3d414f0762695bc57cbe421
SHA256

85ee10a312c40ceb9dd5ba9ea1d7917bf51ce18db65541e9af8b74190b8cce5a
SHA512

121602a66b58136e17f853cebfb4cf1b6c6a54ec5c92cd251010e2d72a6aad1718dfd30b4961b6d2dfb8fb746245a52371f2d8050f5cf8359c42908071700ec7
SSDEEP

1536:iyRTEG50EUINYKGyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iAEQGyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
4536	msedge.exe
4536	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
3104	identity_helper.exe
3104	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 4868	4536	msedge.exe	84
PID 4536 wrote to memory of 4868	4536	msedge.exe	84
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2444	4536	msedge.exe	85
PID 4536 wrote to memory of 2980	4536	msedge.exe	86
PID 4536 wrote to memory of 2980	4536	msedge.exe	86
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87
PID 4536 wrote to memory of 4136	4536	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e139646eae4522b747912230d86b5ae7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1e46f8,0x7ff81e1e4708,0x7ff81e1e4718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12022641755943897359,9356653887011621296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f376d45a19769a986a9d8ad101a2dad

SHA1
285fc9c9ae631651262330153f16c4bdd3bd73b1

SHA256
2577eabf5b6e4ee0326d38b1940240a8ff7fd862e8ad4c724b918e8fc32db14e

SHA512
8057bdcdcdd14f22b66f59e30f0437980c390987715186a329c7b8fa71d6790192b6384518916206a8e650911ad8d779bd33f9aeebf9301c5cceb6647f8a29e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9158e8ea68463f756a46b5a4eb59232d

SHA1
9cf3dd9cb1c1e3b27cb43c5164dab45e71f5afbc

SHA256
598f5e4b38b6c91c0095e4cd72364b4d71cb47b3c6302192704722500ddb2db4

SHA512
c38cc15d796e2510cb74f397c5ae8313bcc0d6891bc0263b3d0eb6a4861fea010cbc3fd9f7eb6d9be90d1a7e0884995be26f9b090b86edd9641796ddb29c9d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c0b2d8caeb68e90a613813ae116a4f9

SHA1
a786bfad9f773d072e27d0dc3c83660f7469c3e7

SHA256
fe42b0193d2176e56fce2fbaebc46875e6f3e735eaf399cee192acec0dc1c618

SHA512
768a11d14c0321a35bb34d194cce2b65a0de73b1d87ab1bc95cc0a54d544caccc3ba3802273bc2a93379782461f0726f4d43278954f76a1d98a24a433322b582

Download Submit