05b5fe7c3e70033d85438c187444c3ddfbbe93c9e45f93afd3e83b528922cc58

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7eee2a64e0a99f13b4cd0d6648a3a1a_JaffaCakes118.html
Size

214KB
MD5

c7eee2a64e0a99f13b4cd0d6648a3a1a
SHA1

cb5b1860cda6f894bcd62f9fa83e84c4c66d6ae4
SHA256

05b5fe7c3e70033d85438c187444c3ddfbbe93c9e45f93afd3e83b528922cc58
SHA512

0a1e02b00a0c591ce1f86432f6a1ea34c49684f06d1bc1c7d941bce07dca620f8816079e9d4c5167f7041e2c6545531f2b41ecb0c0d4721c7089452d9e759525
SSDEEP

3072:GrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJN:ez9VxLY7iAVLTBQJlN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
2536	msedge.exe
2536	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 3184	2536	msedge.exe	84
PID 2536 wrote to memory of 3184	2536	msedge.exe	84
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 2588	2536	msedge.exe	85
PID 2536 wrote to memory of 3440	2536	msedge.exe	86
PID 2536 wrote to memory of 3440	2536	msedge.exe	86
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87
PID 2536 wrote to memory of 2384	2536	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7eee2a64e0a99f13b4cd0d6648a3a1a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7569323967767582514,2543445124593001018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91e69da2-a526-49cc-ad70-d63898929cbf.tmp

Filesize
6KB

MD5
4c26e8b95f7042eec4f54a6bc73447fc

SHA1
f423c218189e2e558ce616a917035cb1e9b8802d

SHA256
7c66d92e06111961a1da547a2ac98fe35c08b334e7149096c6d2052c67fd14e5

SHA512
e2ac8611e89aaa260dff4b4b4fe4c5d796a94c7e459684f339fa0a9b17866d38657d44bcadb38a2307055ff9adcf6722672af0386a7136302803f24e5775cbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
994995f68db08c03c0de74c62104108e

SHA1
90d8e24dd5de5410382bfa20e45bedb647ccb4b3

SHA256
05236bda0a043da365f366edb1cb9f727ae69c128ebac5572982dc466896ada6

SHA512
50f2fa9c8e0644add01f9a462aa26f44ec224cef46946bb758e81f46729cfdefb2b545275b42d37d11da1cbb56c495373da8f4f1674740c914ecdc5ba5485694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac7544171b4f9f049c983150c07da0d9

SHA1
534a355d4ffbfdc469bbc7aa650725d2d013012f

SHA256
8a2d785fa0f14c2d5bbf6c6a754bfcece1d6175851e5da4bd94993066a60970c

SHA512
d5a85f56de9f6ff562470f209bda2c1e2ff4f66fcd28ad7b2388e8908b93fa6e1f85c07613349db9a527a55160f023c9f81a5a52008811660f18ef9ce8b308f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fe82d91ef065fb1e0dec6cc2ec74531

SHA1
998cbbe990e6c1a4153dc2f33aad1cf043f0f241

SHA256
13dff2ebdec7de70bd7645a02beedd100c3ea2ca0ad708017685778c2195f27c

SHA512
e275ba434684b3debad0651fd70c6e86639325e9d02b9861fe825496cea2354efe84dd35f09a0380b4d7d7cc5c1224005b218b2b24043501d3742d8cf1a414a1

Download Submit