2c5348e0be6f40da2310acb2a5def8a9f143d98f339d8adfcbc16a3fdf1d42cc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be42bd2f4849b28b198a19c3a683ed9f_JaffaCakes118.html
Size

18KB
MD5

be42bd2f4849b28b198a19c3a683ed9f
SHA1

9deae97774a00f2abff5989a6f4964ee5671e0f2
SHA256

2c5348e0be6f40da2310acb2a5def8a9f143d98f339d8adfcbc16a3fdf1d42cc
SHA512

0ee3f093f3e5845403b6e9ea5d2c2c7b65fef73576303b5e1d26fcd12b0be8b97fff0bad70af52363dc95a65b723ebd25f68c9754a55750350dc0fb3e148b378
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIY4izUnjBh+A82qDB8:SIMd0I5nvHnsv+DxDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
3568	msedge.exe
3568	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 2644	3568	msedge.exe	84
PID 3568 wrote to memory of 2644	3568	msedge.exe	84
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1336	3568	msedge.exe	85
PID 3568 wrote to memory of 1672	3568	msedge.exe	86
PID 3568 wrote to memory of 1672	3568	msedge.exe	86
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87
PID 3568 wrote to memory of 1348	3568	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\be42bd2f4849b28b198a19c3a683ed9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80f3646f8,0x7ff80f364708,0x7ff80f364718
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13902937153983224487,11150678545401653708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfe89eead742cb5ff4aded8eab2b68e9

SHA1
3e7236c83f878be082c2958e5a9a99eee66a51b3

SHA256
cbf55e8c9e4eda1405a99800c1ccf7fd006f435c93b4df8726a4a394b1e692a6

SHA512
8e9b40602a9321c89ffe1d3a9a521ccf57d9ac8363207011453a012e403fde50296a89697f57c6397ffe802e435a4301ae45cb5376f71b9d4f0952cf14194c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d49706b6ddca61f9f518f3ec8a5dcf81

SHA1
40e661e9a08e7255dd1ac91487e2828ff0f436f9

SHA256
184c99c8879686d967556cd8db5837a5cfaeddd331af28973508ae6e92232f0a

SHA512
f117e0cdcdc0d25ddaac914e337d7e4ccb8270dbecfbcf61130c7de2d8b5de172d96ae4bb608dae8df0d88ee287f0785e1655ad500236a281bc8de81f1952dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6d34e4d-2f5c-44e9-a728-db90bdcd2b1b.tmp

Filesize
6KB

MD5
f2555358ee69f98c32aa202326ef377a

SHA1
a751a9b6dac793e873e21a8e7c1564336d67d7ae

SHA256
105f6d18dd8d41230bb947c33ddcef2f4b807a0d642973d24672ac5d343fba47

SHA512
e48818870d230f9e70aff7fff511810bc6838d536572140979736e46fb3062c79980abe128a0bad15ea050e543fdc5ef28e27f80164d8106d8f448cbbd06c5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e10c4ee6181663702814fce878fcecda

SHA1
39bd37f87ff73435e54774ba323766081ff745be

SHA256
6417713da2eb8c2223c782a588d312a63784d7d4cb673588267cf7b79487705f

SHA512
635833b8280a99b8c3f79b8c2ebb25c9f716742597bb1c8d9c3de9107fa80fdc8360d6f71a8000a295cf9e4574fa9ba897fbd7d6a9829bfaeb144553b3f09363

Download Submit