72c0d494018f72016ecc4b87432bdb062f9e38930c0d19813d31e329d6cfb1f7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa1fad5edff0b9eaae3bb411b2dc3c1c_JaffaCakes118.html
Size

138KB
MD5

fa1fad5edff0b9eaae3bb411b2dc3c1c
SHA1

4a5ec8a3c24f76163216262dc5fa92b5b6b42640
SHA256

72c0d494018f72016ecc4b87432bdb062f9e38930c0d19813d31e329d6cfb1f7
SHA512

1bad2b825dfcbc593a99b6852d89e19f5c419e54e9a1e62cbe390d4045209930436c354bb7f1c7c9950353dfb67593688b0ef5e6856205e910a2bfbefee68e40
SSDEEP

1536:SqPPXOOS3tlVnyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SqLSVnyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
1576	msedge.exe
1576	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 4640	1576	msedge.exe	82
PID 1576 wrote to memory of 4640	1576	msedge.exe	82
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 956	1576	msedge.exe	83
PID 1576 wrote to memory of 3976	1576	msedge.exe	84
PID 1576 wrote to memory of 3976	1576	msedge.exe	84
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85
PID 1576 wrote to memory of 2100	1576	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa1fad5edff0b9eaae3bb411b2dc3c1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17055481398321511784,14822148310765938074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89a2ca7040c93b4636fa5746b9d7a37e

SHA1
730944c5751ee0dc052c6f7c1e1eff07e8483f67

SHA256
479cc1241030167305048a74efb0dbd465c0d41df716f1e3d250fea5f48455f0

SHA512
57beb50309200fadb0564eac981b5d2ed1fcd535b2bdeb65c89cf2d71f1ffc05723bb169676cfa2ba1ce0fae64ac19d11fd0728866cde90920916c74f9b0edb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4c181bd4f58cdf96aa837d157e1a1a7

SHA1
cf83e4101df0506417b7d8222f92d7dd12495d2d

SHA256
16f7e36bb8b13a888de823c2f663e013d3ba44f54627d81998d888a1a7dd9302

SHA512
cffbc3135911a41cdd6d1d6a94ede994feaad29e2a6e38097a9ef51bc6da41265096fad0b04192c0c7fbb00665fc33f6bc258db86f01d2bfdf06e93bced8670c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96b70557d7d0658cd0e2c8e8ad352d87

SHA1
b80c44ade2d0f5ce58f5ca0ceaa7667cb58386c5

SHA256
9f98cad59866dc5e9d272a621dc5333e1ae6442dbd1a51e68cd4ca8b226b27a1

SHA512
d7c201bf1211eb65b2a2ceb49a0c759183ef040ab8bd251f389cf53e9fb257c935c3237d838b1eaa9c6339f49e06098a73de952d3a928d5732f9c541dc97c979

Download Submit