91b1a218d429be7140ae4e63ed6e10233929df25882650dc33e31bcdc226b269

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
Size

59KB
MD5

fc2eed9baaa246ab7d8be1cbc1968b57
SHA1

a270e955019db00da507dc932471bc758b0229b2
SHA256

91b1a218d429be7140ae4e63ed6e10233929df25882650dc33e31bcdc226b269
SHA512

3f3ea833dec1d772e0456d9412d2a41d96e89cfbbd0f966f3fa79d8319f6c83c1a1c29bdd18aa84fee3c272afc1828efa319d2298e257b65214f0968c4796dde
SSDEEP

384:OwG7vAZ1Cym9KnjE5vq1egaf0gkHc/qGTQty0uh/mg3hSdKnJeg5BTrssEAT1nQn:OECy9fGnhgD4y4fQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
2304	msedge.exe
2304	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1632	2304	msedge.exe	82
PID 2304 wrote to memory of 1632	2304	msedge.exe	82
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 2104	2304	msedge.exe	83
PID 2304 wrote to memory of 812	2304	msedge.exe	84
PID 2304 wrote to memory of 812	2304	msedge.exe	84
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85
PID 2304 wrote to memory of 8	2304	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc2eed9baaa246ab7d8be1cbc1968b57_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffca8c646f8,0x7ffca8c64708,0x7ffca8c64718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,3909860053524397314,5863594473121822897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
757d4a9ffd9e91ad5321439c1010085b

SHA1
53aad9b5e155e474403a6de03dd054ad128fe810

SHA256
c62becfb4dcc20a34e3637cc87cc266f02c005b5f6e681c7ef031c8fd0eac2e5

SHA512
1e89fdd16317280bd18001d3651251d46bf73b74bf9770839c9a3f269b718dbfbce9cb27ed4b6574fb47146ed91191302916e21b87e80faa69e4d59be4afdcf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10115fe6f7491f43667e5e319f5376a4

SHA1
0390455f6c729ababeadbec65f2b65f5cb2393ab

SHA256
c2103d936e8b233003dcc1b6ae1fe320b23cce68259dedf6787ce2aced3767f0

SHA512
51697d6dd12ea3ebcf58d1a185d0929bad52e8df9e619f8cc50fd6ad3fa27bac70389cc9e7dc08644185529b874bad75d4c4b5b70acea39492c4994a3cdc6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ddb48cf4f432d1cb25ce2bdef78b8ed

SHA1
c521e99973816ea84a5c5b441dfd0892ac071a78

SHA256
ae92fe117a8932dd1278ffa842fa637f81b166cc568d038dd13d7c962da5db8e

SHA512
7a2a74f5c9e6e492130367b122c1df23f6b28b1c81b65dbcaad69ff69c8346f3d09c70030030a94f519e5b647e6eb8bc05b55150b11030c00f7bc2118fe79fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
871bfc7ea15dedb4e2c8b26a02c51bdb

SHA1
3cd7f8917842b1cd22870cf77a289302dbd3bafd

SHA256
c03b924efd67a0e8a5b1b20da7475684250a5c7379f9d69f5dc9d2054e13b294

SHA512
69c2a73b66e365ad4b79da5366114071a4da9c89799248b125c3607b078f719b61866b035401fed59524f2b6d8f936f0561c3830e00ca3ad9451f74f7783a2e8

Download Submit