2a1d7c7ff2618bb157539cec241dac6bb24c2e7caa4e6d9778539b2c1ede31fa

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 03:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb6a82695131617ac594d14cc7c6b2c8_JaffaCakes118.html
Size

277KB
MD5

fb6a82695131617ac594d14cc7c6b2c8
SHA1

e08daab900168686ad50e80b3322b4a685f54b4b
SHA256

2a1d7c7ff2618bb157539cec241dac6bb24c2e7caa4e6d9778539b2c1ede31fa
SHA512

de7f622b16199aa3e0611e497c757c18cdc95449f6becd81b692a2e413a2d90ed46b8fc5f86bbfb786678be92a72f3d3ef01304f890dfb2b326318a64a797618
SSDEEP

3072:yGLyZ5PZJNriyVV6cTDfRz8rrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJz:HyVV6cTDfRzgz9VxLY7iAVLTBQJlz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
2392	msedge.exe
2392	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 4072	2392	msedge.exe	82
PID 2392 wrote to memory of 4072	2392	msedge.exe	82
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3636	2392	msedge.exe	83
PID 2392 wrote to memory of 3012	2392	msedge.exe	84
PID 2392 wrote to memory of 3012	2392	msedge.exe	84
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85
PID 2392 wrote to memory of 4120	2392	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb6a82695131617ac594d14cc7c6b2c8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b9b46f8,0x7fff3b9b4708,0x7fff3b9b4718
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14780091096781176801,14408813005961389260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
478B

MD5
cd33936a44d45ff35c9cef3d12180c5d

SHA1
bc8d44fcb7be743db4fd0e5081d1f89065f29dd5

SHA256
0f013f8f4b6291cc1a2a60ba0ae4f799fe82a6ba8b1beb63df4927a91e4b27a2

SHA512
5dbfc25e06e9cb1317f4284b1559b31268960d05582d56e5e76056d6223d16fb1f82475ebb868247a543f5853bf34e630d8f5164dfdc894cbbe85726aa79acbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
901289a48ff1b42dba4d49720ed8ae15

SHA1
9db409bffcaac39313db283629f65a7ed9ebe24c

SHA256
6e5e624e1fd304b50da9720f7f440d30c5f90ab308037740ef2e50c51d5799ca

SHA512
37e0d8b1015aceea4185357f3b7fd9ff9119000167aa0f95d6b5896274cd411e916e3327b13fec5681c4114537fab2ef156713bcb902e8b9b99eef908c31870a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9094246b30fcdb9f16037f9e18ee86cc

SHA1
1b604a9d9ccb79ff8fcc09b9d549a517650a0ed5

SHA256
d872e9535c9fa6886521ed5a1a013c1051e531697e670e0e9de1247095b913be

SHA512
d932d36852a1c030d4ec87310fd59c0baddd958c58cd712e5b158d52ad46bebb540c97475dd69c39087baa8159107c3d88c474551c6297164bd68858b6e0cf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43cfdd1e4c59b033846e2b2137af23d3

SHA1
4e84c49c37bea3a5e47bda186a517bc11b644e12

SHA256
3c6ea49c7dc04dda962c557d74a8de5280d7599beb8b617f7bf516fac929fd6f

SHA512
fba209668f2e1174afba7d876a97d92ded830427965bff742d4902b4005fda4373ba7e8e3ca0f0b815cb6885af85071372e4d1bd4551c8ac63a11e947a9e6b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5086fb87ef7f6ac9d42b1ce6baed430

SHA1
57c7c8b82dea6fbbbc3c313b28a15ce0da287fda

SHA256
0b6b7df54abfd37b5c7cf3e297383a22435d53369500175de55ed35e907bbd11

SHA512
70573f7b9c74689c5e6867e8f58f605ca6e65589482d1c96895a0335954f95076d9436b6bfe37f74ace51044ed5a8297834579ddd3efe33ad4e3eb577c095a53

Download Submit