c7ef1c1e717ce93dec9202bfc2039bd11f16f30fe11a7b6618423e51798501e0

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc7f32f80fb5c31f7d784109a7a70bfe_JaffaCakes118.html
Size

139KB
MD5

fc7f32f80fb5c31f7d784109a7a70bfe
SHA1

eab2cf7dd904087c011fd41af6312ba4dcdc8f4e
SHA256

c7ef1c1e717ce93dec9202bfc2039bd11f16f30fe11a7b6618423e51798501e0
SHA512

a9e68d55273dca539b7446d7384fad97c5e80c1c024c9be81a773096418a70db91c297db3c0b2d0cb55c6e75b0a27b056d3c410408c280ddd5c04663f47c33e9
SSDEEP

1536:S+vZ8MkGzlSyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:S+sG0yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
2984	msedge.exe
2984	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2564	2984	msedge.exe	82
PID 2984 wrote to memory of 2564	2984	msedge.exe	82
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 3656	2984	msedge.exe	83
PID 2984 wrote to memory of 4688	2984	msedge.exe	84
PID 2984 wrote to memory of 4688	2984	msedge.exe	84
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85
PID 2984 wrote to memory of 4456	2984	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc7f32f80fb5c31f7d784109a7a70bfe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc103f46f8,0x7ffc103f4708,0x7ffc103f4718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15219353858339593497,8242131311479520845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8053a196474ab54e21c91b8028d206bc

SHA1
187709cb4f7dcacd6d374645885668b94649dc08

SHA256
cc67e8db21779dedd104371785ac138245e0f361aa9e4b44920bc0257d09157c

SHA512
0900062738d4cafb75aa872e7989ce05aa104a8ad9fe432aa870365b3dc975cb25427a9112a53b8b4300722d2dee49b7fb8a9bbb6bbaf940c4ca61cd10be675b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
540ef51aca1c3b257dd80d831b1ee0c5

SHA1
d00038fcaa5f5c8d3e2b5d406f378bbfab5a4fe4

SHA256
463b45495b0fa1ccf6f985f7f27091fedc21c8d6f6116beba9a6d00d7b83767a

SHA512
ea4ad3077d1fe186184ad844fcf2774b6ebbeb40c549abbd116e5f7c5bd61f05471284b3aba39f8603d341cbc2ff04f0cac3d511789ac064ebd29146b1e10fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd029316345c2773964921d43b887e83

SHA1
4ea2668ae5274896ecf4456a6c4675b4dd79c686

SHA256
b888237b4d717316e89c5b91d435f539b9768046e50a81c8646d54cd21981d7c

SHA512
5d8f366272cd434a775e6294419d23e534ebe5be3bfef036406d65ba2b6501df64e0ed7a82ec0aa3476f67407263abafb7eb55e72e3f2b8fdbd45598a79d5f66

Download Submit