7bcedf3c77e726c4ada293ada1db19836a9bdb3049f05ccfc6a60ce8f7657136

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db2451d99cad15491e30bfb45bc8456f_JaffaCakes118.html
Size

139KB
MD5

db2451d99cad15491e30bfb45bc8456f
SHA1

73287bf5709d5c1a9bc7142aad0a2c0162c8ea21
SHA256

7bcedf3c77e726c4ada293ada1db19836a9bdb3049f05ccfc6a60ce8f7657136
SHA512

41a9925ef8e12513316523e8df9ec07bfa3885537bacf77d6710d5124e0f9bc6642b75dccea3139383445e7d53f98a37bf7f43a3b37c7d59ca4b2bb45fc69b15
SSDEEP

1536:SEtGsWu6FJsJlVP/pyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:SE+NO5XpyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
552	msedge.exe
552	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
552	msedge.exe
552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 460	552	msedge.exe	83
PID 552 wrote to memory of 460	552	msedge.exe	83
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 4740	552	msedge.exe	84
PID 552 wrote to memory of 852	552	msedge.exe	85
PID 552 wrote to memory of 852	552	msedge.exe	85
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86
PID 552 wrote to memory of 1772	552	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\db2451d99cad15491e30bfb45bc8456f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1112837902907262653,11091403357128222224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f864e750d9b2895f19a9c48a89f9004b

SHA1
cad65e138bbe74d444be1013d24940dad922f977

SHA256
89047a8b79e213eb8fd904391a3c8e8db9817d82b05a491063c94eca6374ff33

SHA512
c216158ba8331b4cad1f63eb6af743c8adbfba0bc682b60e1b77dd24f1bb94688fe5c1bdf6879c9dc59088c93e176c15b3f7683b936ab5e82fb3c9736fd48ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a5ac1a4397fab5a767b7f7a2b8fe360

SHA1
fa8c163a6177a16c1e057cffdd0769562a94e481

SHA256
46eaadf9d4f75854268e27aeef7aa3e639f3aec82d514769b12682bb366b310f

SHA512
b63b6ae8d96e0d9cba0a9b415aac76aaf641394c5c78ab3738156eb5312b0a686fcaadf7f0cf2d5ffdc2f18c389bc2fe69c6c3d676b4ea77e7a9a22527119c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d60f63083818338ec3fb3c1638377aef

SHA1
d330576c460e641af4c5f0094329fd661ba13a55

SHA256
d981db8a246f86f45e1bbd74a8fb1f083381b573d2df200a1dd6a2e8b48b1867

SHA512
2306339d6063099485f092e117a75f6a9d76345d8af4904a02e3ba68702ad69a4d279380ec6bf679060d3d860667162fb513396d3e85be50305c6a44c85a2ccd

Download Submit