b581e918dedbaa64686797d3f69b764d2e2ab4a3cda43c31e94cbabf03ce9362

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/12/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef9637242542e69aab0b0dc47ad9bf94_JaffaCakes118.html
Size

198KB
MD5

ef9637242542e69aab0b0dc47ad9bf94
SHA1

d4a49630d06ae34777e8227c5d9d47c1b23def60
SHA256

b581e918dedbaa64686797d3f69b764d2e2ab4a3cda43c31e94cbabf03ce9362
SHA512

c4f7fd2bb98044f10db07353ac144add6f71522b74263f79f80b5e3b42e7e1c380eccac9aa93fc85915472071676bf99ef8851510d022afcf411f96f99a926b3
SSDEEP

6144:j6ZQ3DP8ciSIIrBSDS7/HMLIRknoa5yNWd3kFoAcJiU0DMZOJa0XUgqz8NDnu2/I:yQ3DP8ciSIIrBSDS7/HMLIRknoa5yNWd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
5000	msedge.exe
5000	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 3836	5000	msedge.exe	83
PID 5000 wrote to memory of 3836	5000	msedge.exe	83
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 1696	5000	msedge.exe	84
PID 5000 wrote to memory of 4344	5000	msedge.exe	85
PID 5000 wrote to memory of 4344	5000	msedge.exe	85
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86
PID 5000 wrote to memory of 512	5000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ef9637242542e69aab0b0dc47ad9bf94_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eebe46f8,0x7ff9eebe4708,0x7ff9eebe4718
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,7167010374299316862,15132027344004545102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2fe77a6248598d17405789fe5d228f97

SHA1
6e15a5fa7659086bd3649fa2014d652cfb364742

SHA256
34b28790c304de39e6fec068f2810c510e694e9502906019aa5a3f0c0cbf389c

SHA512
c1189d0f7ac6512946c776acec3942f7012aeabee453c2c23f0913345646ab01707a9658f0548387d01ad749195fb7d83e71276923e0823baf19f39972b5c013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
8b6141122c5ba477501753a8c8d2baa6

SHA1
c5d224a25294e749ca1a81a250a85caa42fb5066

SHA256
7762ab6f7053b701d7ea096afcd919cd7baea12cb4e9b0d6d8d6d33ae43bf00d

SHA512
065f58dd7fa98fea8471e5280021ceac4e67f6830cb356850045877e77dea07823d55beb3b0ba98bcae524ac65713e61c32e4118ab4ab18e9d4105fb87bf125f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2442eef2634af1bb654acfb5881bff71

SHA1
b9e0b2dc3ecdab71d80e6063fd3543caea6f3f3c

SHA256
849f29cfdaa86dd6172940eb2c352bbccbf33b5b96148164f8ca853dc91a44cb

SHA512
2354ec20299d58f470952b07c47edefa0fb4ebfe4898ebf78132ee815fbfaff104ed172c3a10c90fc73aaf107fc5df64369e3028cf6915d89ba7164dc0f69c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
025a0e40e0b59412a4fd913bc1dfed91

SHA1
3977786a47440379ca0022aaddd8735e2ab94007

SHA256
de01fb954c7804cb26f183ff308db6b86435c1e22ae79b70e4f8d694e3f14c3d

SHA512
00a9ff32c86068239a06f38f348c5e561a48a89afcd9e91de51d85325d37e1167d6053ef33286ec2bb92fc6477100d84a36b5a525abe4957c529b920196c42bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a8b75ec085255d0e95ec8fa0eea81a8

SHA1
b08ea3f8796740a4242b0e82ff5971870a371426

SHA256
e913b0ce0d1b338b353e11cdf183bced9af4cd9a97fc653561aa7b5b0dc29d95

SHA512
d05b4c49f6d7408ee4c0d33e474ac693e22dfa225faca518b206c45742e2f2c7609171f62b78b6dc850a16761d84921ebe3af8695e9585c03e62b5938eac84b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1f4a18292df926a6297ee8f54323eb2

SHA1
64706ae136c67a89dfda89069ad1f46c8c0691b8

SHA256
3bdffa9a8628d59a6d023aefcce121a57ee2cd5e21b31040f8d2e59d57d08104

SHA512
32ccd06f8e825a1e1b9b29b3907f25ad3b34d446c544c4308043e4bbd212bb0629fa6127c360078a94232da2d2bd37d8d96701de7fef0d32aa46a75ac9f59f08

Download Submit