b2571e5edd075972d75f7e2d7093b9e8b2e5aef02996f55c2b68dcf0d598c1e8

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa65e5ea28d7b88acce1df033e7b079f_JaffaCakes118.html
Size

2.3MB
MD5

fa65e5ea28d7b88acce1df033e7b079f
SHA1

e62bd9ef0a8994d52c48931b4ebbecd96e0e39e2
SHA256

b2571e5edd075972d75f7e2d7093b9e8b2e5aef02996f55c2b68dcf0d598c1e8
SHA512

04345a1edf7d0e1c803420e16bf1d050e63c7c02bf589edcb6cee8cac8d1abd81ef41356e28f54b5ed12ec28665183048715dedfc6b470674703af8916955eb3
SSDEEP

24576:L+Wt9BJ+Wt9Bq+Wt9BU+Wt9B7+Wt9Bt+Wt9B1+Wt9B5+Wt9Bi+Wt9BX+Wt9Bz+Wy:1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
3336	msedge.exe
3336	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 2632	3336	msedge.exe	83
PID 3336 wrote to memory of 2632	3336	msedge.exe	83
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 644	3336	msedge.exe	84
PID 3336 wrote to memory of 2372	3336	msedge.exe	85
PID 3336 wrote to memory of 2372	3336	msedge.exe	85
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86
PID 3336 wrote to memory of 3340	3336	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fa65e5ea28d7b88acce1df033e7b079f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd38d46f8,0x7ffbd38d4708,0x7ffbd38d4718
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7102046640928063159,746916834142390165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
80975d6452c1e568a4d8b2e90835f07e

SHA1
7c00f308b6d52e93f317a7da915c5c24fda90b43

SHA256
a8eb46d9e19f743972b311b663a62f132dac17700318ba96fada7ba6fee3b415

SHA512
c937704a2332922a7b69f8b45a4891455149e2576fe7629a401bbb6bde2e8aff215ae63016f7e74d1db02c97707c39bc6aa04b1bb69a8985e4e38f34b9d41d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a412f61a9c50be83c92847796cf96d70

SHA1
d613ae0a017191ddfde82c08a6a0f9e4fd24855b

SHA256
76733f5ab5ea5586d2b85b748f2875b6a4a0734051bc70c0338c6e8b3c242842

SHA512
49d403f7cddc8513677c0245b74a7b31bfec4600de2c3ce3785f572dd4067a9abb4544b95354b6616efb3196bd986db5b2ffaecb45ee2f8f5437136e74d8f6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65ff8daace81ad0c000be87fca432588

SHA1
36866aaf74d8218eb410dd6caf13a7579d2e3502

SHA256
4675a0b3348884ae6c663aa29c97c1f24ed4f44078b86155714815324408d183

SHA512
b1283b41763388e1bd4b2338fc6417cb70d97b369aaccebdc42b315413705d855d3e26ed9e2a40899b5647933e1694f9ee5775389eb8fa7a8d568384e8ae0402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09d1ad11217f3b04c15cfb36e415e41f

SHA1
beed3484a2bfccdc436f3f7a53374c8a407a8838

SHA256
f4723d4a91dcf494912019255f3057d7f42622c779827dde3fcc9cf3693860fc

SHA512
2c1cd9a31af203d34a74a765d0cb463e077168a229957c4eb3e042862ac7f778134b6524a2ef7226822f8e7447c7df48daa6f59adf061597284d0d108daca972

Download Submit