13fc4be349dddd518823dc960899284fa02c73b1bd1eeb1e6966bf91b1d2b66c

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e90b8b57878b2b81c67b99bdb3cea85d_JaffaCakes118.html
Size

48KB
MD5

e90b8b57878b2b81c67b99bdb3cea85d
SHA1

3efa499d555697a21c1027e79ccbf4c87e216cb6
SHA256

13fc4be349dddd518823dc960899284fa02c73b1bd1eeb1e6966bf91b1d2b66c
SHA512

7f9ce7c8aeffe9300f1e600a555b64102b3a48b6a73993f9793fb81abd283fed9512b84ad192e5d6706ba42693cda50c8256850e8b876fcaf41ba42e896590e8
SSDEEP

768:/H8HSaVX3ApjFmoVYUI0ELgIJl7w0KVZdu2+R:/HWS+ApjFmoCU6LgIbeVZdM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 3468	388	msedge.exe	82
PID 388 wrote to memory of 3468	388	msedge.exe	82
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 4732	388	msedge.exe	83
PID 388 wrote to memory of 464	388	msedge.exe	84
PID 388 wrote to memory of 464	388	msedge.exe	84
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85
PID 388 wrote to memory of 2204	388	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e90b8b57878b2b81c67b99bdb3cea85d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0c8446f8,0x7ffc0c844708,0x7ffc0c844718
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1619903662447266239,6490377036255108197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ae9aebcec09e197499cf25f5f9e5231e

SHA1
e4a216a276cfe7f482ce9e01f4830680d61efcba

SHA256
8bb680c844e6c63338a7896a3fe6a324b26691ab0b582dd06dc54295f5ffbacc

SHA512
be5a0374bf10b53eae4205711d74ee0612e67f189e4519bcea623223ee6f602807a23fd6b708b23996e73fc477a8b537313d64f90f40c92bdaf3e1f1c41c56d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
736cf968b56536037f29d586543fdab9

SHA1
04e3a172e9077293d0a608a12362153349bca28e

SHA256
379841407ea177f3d9007edb82792440bf8d44edc52824e1f30ab5dbd33f4737

SHA512
7b71863f9393537e1c8f8b0195a55649a4ac6f23661111b328e5d2a41096af7db298454019c753ca842eaebfe1cad5a799bfd32faa29878c183c3bce47f61ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca80369baeb5df3ef96c6146847e2cd9

SHA1
fb063ade060e49c6efeb42fba3160148760d2550

SHA256
0e5a67d3d8313d66b95e03dfbf460e5b9e7379bebddd8c0c545910f1fafa0814

SHA512
edae3473ac1bf1c5f34d94301283f21cff8e4bcd897bb4d498006aad8c0945f88a63ad5ddfb6228b7dfecb800f9ae067694d1ccf8fc05d756035ed8e9a92dfaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14cb6c71302090f43f244f7116e95bc5

SHA1
fef162d6ccfbd4425895f76a6837cc64b2fdf368

SHA256
a285d68e37c88de3e78017c63af8f2775110e5893a57bedf7143e86a8b3675d0

SHA512
3f9910d8afd84ffda267f2aa867bb790a0ad7b7cba47a0f19d3f9a569670dc44d82fe4e8d1c6349c027da93bf94a8515a85585d8f3c27bdabfaf91c2efe58842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5dda24d89220d754ce79262ed04b3b4a

SHA1
ff795b6ca3c54e92d9a2045e0389e319418acdaa

SHA256
b56e7fd17dcdce3b0b5e4f6bf153a6747a1d98afd6923ad444dc506557f7faf7

SHA512
91c2508783409100a83898bf0deba4d5c41850a30485884f7ce90859d57e25032db7e65f2cca3df789ad570ab477cabf7884fef544ca81cf7313c55e5d0ed169

Download Submit