4e8bd9203995caf797a15236038c317a493ff058bee7a984087f5cf270ebd37a

Resubmissions

14-01-2025 06:02

250114-grm12ayngt 1

14-01-2025 05:55

250114-gmetvs1jgr 10

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2025 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_36ea6bb89543ac2310d0ba15df3caaa7.html
Size

35KB
MD5

36ea6bb89543ac2310d0ba15df3caaa7
SHA1

67a528fcce088140ec6d7480f6aa3de6df290eb0
SHA256

4e8bd9203995caf797a15236038c317a493ff058bee7a984087f5cf270ebd37a
SHA512

dbd7367eec806c95becbb7145941d812188c860ebe49ad6814051722cd41ad9c8de633994f9263272b39096154ea02ef4c22c310470f393dacfae92a71b92736
SSDEEP

384:Sri+/DxVkrGYqkOW2QZhwC0Dm6Prc4/VLXBawoKoQcCFx0Jd9dkc:Sri4SaYqFM0S6Ph/ZBzR70Jd9dkc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe
1360	msedge.exe
1360	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1496	1360	msedge.exe	82
PID 1360 wrote to memory of 1496	1360	msedge.exe	82
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 3620	1360	msedge.exe	83
PID 1360 wrote to memory of 2668	1360	msedge.exe	84
PID 1360 wrote to memory of 2668	1360	msedge.exe	84
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85
PID 1360 wrote to memory of 4800	1360	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36ea6bb89543ac2310d0ba15df3caaa7.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5049791549932259525,17612993686862757346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ddf1a35bd0859a19e92a599b1da43d4

SHA1
ee6f1ba5c4e0b8cc313d8e813da7efbcfa947842

SHA256
f44c1309b2e5ab83f1b6b424a051f07bab38ee667b8206b7e1d443e806c73432

SHA512
6fa6f2a3d788edee3a07457c7f52eeb0cdd660b9e09f975284fabff1e41d771875339983e6f4da6c12cbf150e195d14ef8366e44b1c6f8f11b9b0d8abfbf1aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b1e43a44dab6e9a97a58d9f84017fa0

SHA1
170502ede6e0b49e70933cf70e7aa72e9292d086

SHA256
9a24e44d22441d63ef1902e335406944b6857eda59cd2500d68b8c8274f6fb5d

SHA512
fba5595e08a0948bec57279b069196a14161807335b28e50fea45188354a6855f39af13592a8b26e748642d6b9b15fc1fbfe8cbef536e8db9be81021a0b9f49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a11fc31c-995e-4a92-b063-b667a35133b5.tmp

Filesize
5KB

MD5
ef15fd0c4c0dc9739d9854ec6d46cc38

SHA1
7d113fc86e89937307e258fa67422abd00251f29

SHA256
deb9649ebb766c47ac79535719fa293d210cde9b7a285b3b99fecdd619e19146

SHA512
54aaf2c7c197e1241ea095c2107fd88b7a41361ebdcad7aeef3def55193b84deeec3b333947610951a4794295364c0e04544c09180e520f3ee7f2c710e38a1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8192cd9dbdf81e714424a064ddc69621

SHA1
6e15e6fbb7cf1ddb42282a4b5973f1c5920ea2db

SHA256
1b10a30fc5eef0e257c5bfd2419cda0838e7579459ef8b05d6964b512bb4c5a0

SHA512
0c3b875ef6347feea6034f0f7839da6451c5f69115889fa323b79f8a143acbed61c166fe6a8dfff1f9a671a434e8bee280f19864848466ee5b085bb3618878b2

Download Submit