8f0a2bbd1c4a4c6c36c532d3eb59ef59ce243dda05d10a1a59637bd580e95e28

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa78c424807022058b1397c6bfefd778_JaffaCakes118.html
Size

156KB
MD5

fa78c424807022058b1397c6bfefd778
SHA1

64ac08f82609b647c6cc53c0f4c081ee5a086e15
SHA256

8f0a2bbd1c4a4c6c36c532d3eb59ef59ce243dda05d10a1a59637bd580e95e28
SHA512

9f6ccbc499272116377361815cabdc9649cb4fb3b7984d6ee92e931b52c1d5add26ec3df73bd0618cd946ecb740540f6be7c68ee6739088c17fa359dbde1dc3a
SSDEEP

3072:fxx9UcjvG8rMUcXmNRS7vaCCSHi0od0sNgsL82xc4K4vRmrFUkxqmZt9k:fLGXmNRa20vjk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
3544	msedge.exe
3544	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 2388	3544	msedge.exe	83
PID 3544 wrote to memory of 2388	3544	msedge.exe	83
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 1020	3544	msedge.exe	84
PID 3544 wrote to memory of 4624	3544	msedge.exe	85
PID 3544 wrote to memory of 4624	3544	msedge.exe	85
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86
PID 3544 wrote to memory of 2100	3544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fa78c424807022058b1397c6bfefd778_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce3ba46f8,0x7ffce3ba4708,0x7ffce3ba4718
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14931421987323504669,11819494394622818912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
79a731bd607d9093858ae8b923c00de7

SHA1
204f7cee490ab171314a06080d6cf189f458f781

SHA256
7f4654fdcf2f2267b2cfc58e242b276e7c62be98419a5b4b0d3629c669c15b41

SHA512
bde9c6a5788a4047a77278bd3acb6c1b18a0e175b4ff5d63ebf431b9165c892c0fee920e5883a45bd697cd26cd8abc7647654142ccff522aa24cb6439596478f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f8476e0c8f1b84d7d281ce525da78bd

SHA1
daee084908e5b1c88e69a78f2e87eacd85c88bd5

SHA256
fbd1e4ad5029358f5c2347b8795f095bb80d217b547cb0f31e6e7eb8c9219a00

SHA512
86f963c46d6a2ba82b48cb0e7790a750d0373835f52a6cbb054100b7939b1be93b124f7cd99e8db87e3e8cdaa3782a76e14cfba25ba734539d519a2804596f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2614c0775ffda2ca9f720a3dd3826302

SHA1
b430a440b09da58d5652c2f2687b13aae0852bf1

SHA256
ac5a99afc8d41512ef6a1e4f657cf73e751883351cb047c2ddc988c7a86ebc56

SHA512
ad19b9f3a711c8cf8dea335f6e75bb5e3b757e3742094b432e137446fbb66f032fb6d276b36ebdd752aa39c111409f93b7df026d9b4cfb0303c65a191815748f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e54dff30c9df9cbf372cb6c31c2071cd

SHA1
f1ac07e7b39fc6b2271ddaae0d5920f81e3022ae

SHA256
cf62cbfd83b7da0087952df12dc3f60b31d1305fdb9344572bee7fe2702a9c53

SHA512
4cf78a5cdc67398dd1d0b67b33cc80e1bfde8c2a76d57f6a27284ca30f0bb0d94a59830835caea387965de9aa5a9d47802721fedfce8c2ff1f0ae3eb23134594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587470.TMP

Filesize
371B

MD5
e5fd5d97feaa4ae71c2593ee5b09b9d2

SHA1
1c4a6aebb06f94ef76bfb81e9cde812dbbb808db

SHA256
5bd0a56516f0763f50a4acdc572ba2202de415e249f93458dec597f63a17a7ca

SHA512
88c4d9ecb14bea8b1ff8ab1cdfd02f5a88e6e452977030a8eff6590dd8dff9073a61fc20c1af187e0c5ee898dccf64a88995887eddbbe872dfbae184fd2890d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9893cfed5835d2844c77a2407309d62a

SHA1
f12e86697f6d966a56c41f9a1eb08146d591c317

SHA256
4feddc0a88a2c2fd7a9029d02df93a21c07a5b08f05484a64f67508979a8b5bc

SHA512
d25b0eff6ba8db71114f6083a90a20e430975f3df07106bb54ff16014985337f3f31df2494af3dbd2b9e0b74662cf5770542b6f0883841c8ce6110d983beffda

Download Submit