b2941a2f063a9b21af5439f3a746bd895f4882651f99dd5962c430953be56f1c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e228e8b8589b782a5953817ae8640ecc_JaffaCakes118.html
Size

48KB
MD5

e228e8b8589b782a5953817ae8640ecc
SHA1

5682bec564fa6ac1c673edaec1484e4a8f579afe
SHA256

b2941a2f063a9b21af5439f3a746bd895f4882651f99dd5962c430953be56f1c
SHA512

33485d1c17734a2a130bc050d6dbbab48061dbb08f5368ce405fe2c6108b65400dcb87afe4e92bd01521baff4507a0a8d70a969a1ba5f5abd3189e9ee4978ed0
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDUa:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4052	msedge.exe
4052	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1868	4052	msedge.exe	83
PID 4052 wrote to memory of 1868	4052	msedge.exe	83
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4108	4052	msedge.exe	84
PID 4052 wrote to memory of 4736	4052	msedge.exe	85
PID 4052 wrote to memory of 4736	4052	msedge.exe	85
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86
PID 4052 wrote to memory of 2484	4052	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e228e8b8589b782a5953817ae8640ecc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d246f8,0x7ffbd1d24708,0x7ffbd1d24718
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16708290357694796111,9338596195648258173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
25f7aa2d79ed65d46e084c91bfb2a236

SHA1
c41444d783fc6712936d2f48053bfb6ea472ea5a

SHA256
1a0d725ffdb8f1ee38919d811289cbbc0ff4d42e6af810a49ecbf41695e54356

SHA512
5955ccc2eac5c86aca3e9c86d4b14eb9f460f6bd3187d97b721c7575bb684b39e5efee8d872964dbc568f3c16df7bbe3ca885651f137bef3a9d06269bffa9ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c7e5ffadcdb2d1aaae674c893d8a430

SHA1
b9bd8849e9016d8c08f33f813a9c85bd414be744

SHA256
339c226183d92bb8b1df32b5eea133c40d1e5e6b0931de4598cc7245528692c4

SHA512
1d3c7172ffd095d46557cd43556bb5a98c4f5435b5c2934c144a0beab80c24f2541e323601944d0aa1ad15953bca870da92f37c8b0d6fb24756d1378162e7779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3873b0d3164c771c2502408e505e74cc

SHA1
bd0706270ff7a1cdb39ff8a0c0e2d1307b8a9470

SHA256
98438bb24df9001273b8f632531b8bc6967c541e4919a2f1dd9931589e8c3cd9

SHA512
f6cfac68b25ac4056790733470eefb210beb2487c79b1d5f05fc52009d8fd31c8bfcaf928a80cb305f2bc34b960947c84f4e67da07a3e1ec2c588cf9eed19994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
312a551318b6771a4b6682d06d95cf25

SHA1
89446de006d8da70b448dda6173eb79af9c089ca

SHA256
a6d0fcbaedf72ba6bfb697e690f3652f72b1f80b11013c1d6cfd8a73dfa07a77

SHA512
49bdcae9d9e3df1612e8178198216aa22428483fdd3999092d32846829ee7ca4a6caa3865072789e7c8cf1046d7e71bc603b20eef1a9ed328b80b8b9b6174cb6

Download Submit