2e7a028d9173a9b0fc5e64cde1b8d8095473e346d5836464e1a6ed1549093a8a

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb53f92f1202eaa09ad0b8d11f883a6a_JaffaCakes118.html
Size

92KB
MD5

fb53f92f1202eaa09ad0b8d11f883a6a
SHA1

b3893ab71eafa08e79bcb41b174a69f06e2e75ab
SHA256

2e7a028d9173a9b0fc5e64cde1b8d8095473e346d5836464e1a6ed1549093a8a
SHA512

07d0cc634368be63a316844cccc657366b69cda2077807d21ec1f69613034b0e58470bc24fc8c5389e8d3facda808a5bb79955155f60798aa2d7d80d8e87bd30
SSDEEP

1536:lkcl0aNe8/zwyk4QNhAhIOZfjnOh5uKf95t6ETw47to9rCX7CesAKsQC7INYAKM3:lkclLNsSIOBOh5uKt6uw47G9rCX7CesH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
2624	msedge.exe
2624	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 1940	2624	msedge.exe	82
PID 2624 wrote to memory of 1940	2624	msedge.exe	82
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 2660	2624	msedge.exe	83
PID 2624 wrote to memory of 3620	2624	msedge.exe	84
PID 2624 wrote to memory of 3620	2624	msedge.exe	84
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85
PID 2624 wrote to memory of 1936	2624	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb53f92f1202eaa09ad0b8d11f883a6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb3846f8,0x7ff8eb384708,0x7ff8eb384718
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10928456585299382419,1879248260591314010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
515885d2d4c441be633334f26cc15722

SHA1
4cece0300a08e67fa1b1d6e9e9a43adc3a49ec3f

SHA256
814b2f9ac0f785ba85336affdad22bf6b3eb3ddb591a8b74d8b153166e524269

SHA512
1cf8679f52a42cd6aa08cabe068388c9dce80dab2b28fcb2a8ddd4027f30ced3d819120d37a50227fa7091f926d2e07d6aaeb92ffbc0c37c52e9ff65c3e6489d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fdf5a7033f67c967980f03847091032b

SHA1
f1d2fd7a1576962d61ec92addb59d1ce88a6c244

SHA256
49dce4d0b67994cbb541b13cec0c9bbb0ff3d3e4d7ace898613973f8953a3a3d

SHA512
97e6f469a39e28af25c7ac994f32dfd3a46dcdc3cc3d54f13b2dc0f190a2b44db7bcc33db53437e2f8226d8c12f650b7fc0f18f674385e1265a92a65bfd1c80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d105a90aad97d6ac8c3b2b884d970f3b

SHA1
447841502a738a1ad1091a9212104ca02107ab87

SHA256
15e6c1f0a0960b832ff3f608c4c14d63bdaa381c5a89aa22d305ceedff7893dc

SHA512
2fa55083896c5bf6e25a9e86f29c6f9869d16aa6565b4fdb84f92270209382e270c3a931a18986c2d62d4a24f1537ccd124f4e61bfbc6bc7ee08469a8d889160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
beab2d02628c9c4230a293124d9c9c9a

SHA1
aadd14f87b2843ecc50c09582c0d2ccc53d2521c

SHA256
182abb674c88504c633db55cb6399e3b2a5bb63cabcb0b982743efbb2c64d226

SHA512
9d3342c385b98cd14ed35fb2b0156292d5ed8718b8d5cfc44b1f501c65ac1003faa4b13b275068f48e86069b7339689c319a399fc79f47bf87034d990e2bef5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580337.TMP

Filesize
537B

MD5
f197b9b33582d5904a4f7a6ac676f6c2

SHA1
27f0b22a3cedd26508f752f030fc26a7c760d6ae

SHA256
c0ee09e0c459724a57303cb590ebfce0d8318cb9a48f67cacc5ded88319427b6

SHA512
d4159fbeb47b69630bef03e40ccd8aef8d716f4886746d694720f23295bb9487ae1d34f811f4cff7749f2ad353a5a4d7bfa49cc4424d86debe9cc1b40c6783e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f844893128d2e4d38498ff630b49d6c5

SHA1
be692751ac213bfe06f31fc7e89d11f3a340f2c7

SHA256
61af26e9e90e92389aa9c22c8408dfddfc4370f1b012c6e26bb090877000d916

SHA512
b47714dd1f5c11241198d5c2f6be6160d813c9f89c53cc8c6b92d7d507ca0d050e68d42e145a8117b012bf2f257c198e2028faebdb6d1bfa7e8e6065f1ff31d4

Download Submit