a925cde3872a9a2057f9cd0156fa8bde47d212aec521604c97ad172c7ce9faa1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0244831481e7320e37ae7540c84d69b_JaffaCakes118.html
Size

314KB
MD5

f0244831481e7320e37ae7540c84d69b
SHA1

23301d383fdbbc2dc845183d5dc856bf248e179d
SHA256

a925cde3872a9a2057f9cd0156fa8bde47d212aec521604c97ad172c7ce9faa1
SHA512

2a5a755045a4a401822aa88e8bf39ff8552edfbc05ef3b963fcdb0eb0fb05980b2e7080d61739d4ba4e95ff8949cc788a63f99f3cf89b0a76743547b75796637
SSDEEP

3072:A5nB1AOIQ+zNGkrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:ogscz9VxLY7iAVLTBQJl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
4744	msedge.exe
4744	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 4724	4744	msedge.exe	82
PID 4744 wrote to memory of 4724	4744	msedge.exe	82
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 4632	4744	msedge.exe	83
PID 4744 wrote to memory of 2244	4744	msedge.exe	84
PID 4744 wrote to memory of 2244	4744	msedge.exe	84
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85
PID 4744 wrote to memory of 848	4744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0244831481e7320e37ae7540c84d69b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12836638766510702035,12632005548221834542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f0fa1a4-8cc4-43ea-8b2a-1460628079d8.tmp

Filesize
5KB

MD5
84f7a0410eb577478b8533945992dc0a

SHA1
860e62e6406fbe564c166e9b2d472d9dbf96a8e5

SHA256
59795a70f1d3004f938ad9afcf5e47b1ce512569a606b0af03826a0c62fd343c

SHA512
38990c538cdb5d4cca828a63ba0b9b286dd8f74687f10ee1aac86a606eee3c2b55b94ac8f1b7c61dfdda5109817aa32357ff86ae61281651bac39ada106f42d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
896d5c774e5e3a936896d9a318dbf96d

SHA1
0d4d2d9b288f5587441271b5455323e8a3dae638

SHA256
f19519efc60a2c7dfed33a737f59060a149116421709580ae6b8d7f576133bad

SHA512
62ec009a4f36be033257bcc4fe1c127dc171e2d56d0e6fc35d046db955de799c080b7c8ae26dfc81b0ce637d68c54ddfd641a5c5249638d0072a741b4a502fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7de9d76760dcc63147e6adc9c1287d52

SHA1
bd88b81e225187a1b864f3533440f414a4819eda

SHA256
91c64cd235c3304de821f89b027454c9a2376b0eb67e76baecc5ba41f9b91250

SHA512
8e3c7e43c45b9b5f53a008bc64d23e71bd435ac2c86ba5ed36346e3fd22b230c61bf8ed1cbc584cfde515566d571ff5f741954020e1db822671d1aed93a2ec34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
172c67e57c2e32ea36d81f891c5371df

SHA1
27a6c1715426429f8184027077c9ff0e2ee2d1bb

SHA256
179b1e69619cce8abd62d94b0b9d09abfb20145e0aad308184a0538285ed82a5

SHA512
27777f7b0a5b29b6bf9a5f7489178d9acb786661938e0db5538d0e679b97fb3a380b072338c48ca2c10ceca9806b1da08553bea77f3b41e78873cdb57c76607c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ab5ccb8eb0cb04c5e121e531c61bd0d

SHA1
5449350c42aaa83d55736d7ffe93ead85471b032

SHA256
20a9da47a2c6d1c93ffb866a0e14253052e40f07afdeeffb1a69fa9f2dd24dbc

SHA512
29d30d1b7e78363581bcdc8179fdeea5755263cb20683a00ecdc042453b5c3d4081a7cce02501db276323cb0c04be86fa3c708bf3c292d83402b30291dda1ff3

Download Submit