90a3e673b3fc35474dc659f34a106956cfa18f129fc924710838e83acc107cfd

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 21:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

faf8210067c28c906ea7365d3e511172_JaffaCakes118.html
Size

139KB
MD5

faf8210067c28c906ea7365d3e511172
SHA1

ef1601d9347007cbe9af8c0214eeb4953ca3b255
SHA256

90a3e673b3fc35474dc659f34a106956cfa18f129fc924710838e83acc107cfd
SHA512

c2651a45e2f2a9bb6e60d8d5400b59a2b4702edd4b5cbadd5592ed1a1c89a9893fca93f0ccf989110fde0ccaffe59ab811d146473dd485246fe934e90575ef22
SSDEEP

1536:SofV/eeoXNlY7fPdyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SofUXgyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
4976	msedge.exe
4976	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 5004	4976	msedge.exe	82
PID 4976 wrote to memory of 5004	4976	msedge.exe	82
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 3636	4976	msedge.exe	83
PID 4976 wrote to memory of 544	4976	msedge.exe	84
PID 4976 wrote to memory of 544	4976	msedge.exe	84
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85
PID 4976 wrote to memory of 3800	4976	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\faf8210067c28c906ea7365d3e511172_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd860746f8,0x7ffd86074708,0x7ffd86074718
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18430973764480101812,6379583084500317988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38189a0d229f57aea6082e6605f3ac0a

SHA1
025e20a07d1fcc8b4d9512337ccf9367a1055202

SHA256
97f43cab77760c574ca1f52ea26f6b742f3f401b710fb9159c5844af15e0d70f

SHA512
011e77291efed019f73061ff99bfca433ebe0cc97e91ef3083b2ada5b5eafef659b7aa3feb430f439bd14cb8792a3e26afd9999eb74d25aa03da05be7771c8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
083996bffb0f14d178668aa0e5d9d007

SHA1
ab50381313719759cec823a942ae78b845c53926

SHA256
c6329904d0e8541cb78f6afc6d90439464334aeb0e2b2d5e3e654f1754ad70cf

SHA512
942ff047f627da76ada1364d20b88864a94ed8a8f157ec38acf53a4a5816e62792b770741b011eb0df1e01ec829c273c710640eb7ecc78bfe87983f1d52caf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc7d9b502d321382f556dd42efed9f29

SHA1
7b485991a1606e3faee064ea1f27410b8cf462c2

SHA256
5a76c77277b28bed534fdcfb2cbc4410f0f4746eba6fa08305842f431f0a34c2

SHA512
7cc666f3abb03af7e520c08fd3f959c6f90ddfd1a7db1b510e381bccac66dccfc4d985e5b0588c4e4c4a8a3bc92a6995641e318e5a365c9f9a5f5064e001359c

Download Submit