b91a1f731f9c98cf157a22d67f83d95d71a364561af22b579673e17fa1f8bbb8

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f93b6cc31522801431ca68bde8f338ff_JaffaCakes118.html
Size

87KB
MD5

f93b6cc31522801431ca68bde8f338ff
SHA1

e3c0bb40980eca8df52a2385eeb4240c42e5c48b
SHA256

b91a1f731f9c98cf157a22d67f83d95d71a364561af22b579673e17fa1f8bbb8
SHA512

4c3daf0fac98d387ebe6f88f73b8f91f806597e5b4bd655fc8eba77c00614b3623409f1d02ffecd2320096a630e380118bf57abcdedb94cbc1a97b171394c208
SSDEEP

1536:WC/A/L5ETQuufXVzK+8HasslRNodTth1h88CB3MrXJr/qPPwGcUjZXmEzhD:WCA/4ufX4+8HasslRNodxh1h88sMrXVS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
1904	msedge.exe
1904	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1360	1904	msedge.exe	84
PID 1904 wrote to memory of 1360	1904	msedge.exe	84
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 1504	1904	msedge.exe	85
PID 1904 wrote to memory of 2920	1904	msedge.exe	86
PID 1904 wrote to memory of 2920	1904	msedge.exe	86
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87
PID 1904 wrote to memory of 2468	1904	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f93b6cc31522801431ca68bde8f338ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92db846f8,0x7ff92db84708,0x7ff92db84718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2777042065098312727,10955249605126160156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f261130d79a723eab22bb561b606c658

SHA1
16a8775365f9261db531401f10698b6c068dec2d

SHA256
55f835e62fe5db15836ea36fbd66e399deb70f104e8db4c01bc24fef6eec7eba

SHA512
9a7e89353db31cfb82b1d0f5c26bf7331c1f47cd6aea65d5f793a14308e3c4e7f4bd82c2be260b29f4f5f718f069e445be3162407d38a36a9f694afd36ec1d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2fc506b955438b974f44908b42d5448c

SHA1
94352982a84d311b836509d09f1f9f3d7c4c953d

SHA256
18ab0f63ac002bf5fc3b0b3ec4b0ccbd7af1c36abbc50d3e74c88cd32b4c0417

SHA512
1c34a26b6d67ded5be38c5a0f156b3dcb61ff630e3d00ffe0a1791904f85eb4df02ce659599d6a77043c0155d7deb4a744b8c41148d6632bdbe93c054d7d6994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad073a6d4a5b7322e961c30a290a5fa4

SHA1
3939f0a7b57711d3251db73fc862e263372f2521

SHA256
0cb18e5f6f3c9d02e61b9c2c1fd2e23ba765f3226f5e4a9f147edfaf0be79556

SHA512
966f872bd1f0b148fb84e376bc5c0886f7d9ae7f9a9e36820ec637008cc72fd3c6f90852e9577ef3724b44c10184e5db3447838e0db746e9b03970b1d5ca6c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab7e5d841c7b4addb88754cbb4d50926

SHA1
45aadada1973d775267357607af4c267cc4862ac

SHA256
c7f7abdf8aa797b941539cfa77507669db032f8bf318a15911b2cd4773cd7fcf

SHA512
9589f3641be924c6f941daad6c2f55166b6799f6d5f2686727640f080a792a6255c87c05e628a2f30c3554d9012c2de2dc823c71b1fd80959859dc9795251bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
543b961d37610890d662008ce7d1b7bd

SHA1
b2cf3ee8a83d72f2dfff8e91a12930a8866c3b43

SHA256
1ac1e34bbd2f0c8bbde578124abdc0a20db6379b5c9a799e7904b7f685f5efed

SHA512
c6980b798bea9c4e82e5b3e22efa3251f49cf01598f4b155ec9b8ac3d329d10d9981b21f055eb64ce8daedbb46468147c43db1fba1918d7c8341e5049ac932fd

Download Submit