e60b1c2a5c90e34b109dc72c4a35487846fe951bd31dcb3cc632da08a09d0cf7

Resubmissions

12-12-2024 19:30

241212-x75h1sxjcj 3

12-12-2024 19:27

241212-x6h9dswrgk 10

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7eac92a9f3da52cf0a070e49f905ba7_JaffaCakes118.html
Size

158KB
MD5

e7eac92a9f3da52cf0a070e49f905ba7
SHA1

e6f8a67f20df3ed62efec8cc5f0cb0fe4d0e6099
SHA256

e60b1c2a5c90e34b109dc72c4a35487846fe951bd31dcb3cc632da08a09d0cf7
SHA512

0af70721705940ba09cebb589a0d53773d01cf130631799c7dd0b5dbf1206cb44ad42e02347bb121aea626cd04b029913b66d5c07ce59c4ced808a5e940debd6
SSDEEP

1536:iWRTo0MxUs2Ux9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:i8yp9yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3800	msedge.exe
3800	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 3208	3800	msedge.exe	80
PID 3800 wrote to memory of 3208	3800	msedge.exe	80
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3264	3800	msedge.exe	81
PID 3800 wrote to memory of 3720	3800	msedge.exe	82
PID 3800 wrote to memory of 3720	3800	msedge.exe	82
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83
PID 3800 wrote to memory of 4040	3800	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e7eac92a9f3da52cf0a070e49f905ba7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa41823cb8,0x7ffa41823cc8,0x7ffa41823cd8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12709549875527602489,14697939331415237936,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
1ba807dff113f64ceb3a4b8eb06b430b

SHA1
d3b5191e37fb2662eca40cd87f4e9caeb3893993

SHA256
5c758fedd51f8e100571438f0d21511c95488aa8bc5ac4b751ed5f349f86e047

SHA512
dcdaa5e579874521d82820fe236fd25c8916738534335f7fba02a426199a756e1b2b9e5274af7809ce48adc3f86793544bf9ef8e175270274c884823404d1f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e798e20293b64a4b139f5670c4555b3

SHA1
44551d08708be164c06f18904e18ca184efe96bf

SHA256
dd0d625f8260b23ce78009ca79173110bc8a6f7d0cff5c0ca53ef3f248025d9c

SHA512
6fff08c5c4a50d9998f97d6f084744e55ce7e01ad298d7a94fb5efea120728aa0e46c774987f2fe08af2b695c67c6c93a3c9ddaaafaf7abcdc3e43847a581d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0cf40612e1adcf31ab5b7560ad81149

SHA1
dcbc749816b69e1aa49b6e0d52c575808b13958d

SHA256
92c8839279ef51e04784b26c0d867eeac4d2204917af22da59102d721f6ebeeb

SHA512
f828f5e12bb1aef9c63417ee3b3bfcb1325c44b7841b7a55e77be8c307672bad56bbe2680c809b8557a93f8801fc2595f2d82999087ca995810a91e8daa44bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad5d8cb8fda3a3645d1ec5653e0600a4

SHA1
ab7f937c6e5ebfa8edbc0ab0a4dc882e4404f048

SHA256
e329b451ab6e542547cfd9f01d588f7a60562d348ea43c7cacb85b662f63c4c9

SHA512
7741ceb414650cf633197e5313164cd9cc623f852a0701f572ba13e3b24b75da25d11f84f62dbec588f503cdab0a5f07480857fb9fb8bd0b09c861b6c1158fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6369adfac6fc30906311bca3175049b

SHA1
84773a42d17b5b49cd4822923f8f6252322e62a9

SHA256
c75c93e55a69208002533faee46fb1b5cff02d68ae279cb2be28da71509b39ca

SHA512
1b9c2ca0e5e9e5d9f851fa7b2e3b960ffef2c152d4d2a773f4cc604725420d0bcaf14d180d6c6431f0777f687354f5e7d7532d2084815fe672864c21638d2f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc5aa9fd1cb355b11736660ea5abefbc

SHA1
b93a0741075d084c40b4abd46983479d1e871e0c

SHA256
8cf8f915e38fe368fbba88955619ae98b06cdff9e6fd667b39b2b3346e706fb6

SHA512
01b733a9d61f83036be2f5fa1a1a9db8e6d447312a5e0d07d213c4ea61231631e4769921dee514ae1a0d9d92cee83543c0c36025f4dc93d1fc483bca4b0c540b

Download Submit