d88dd6ea62e5c764b2a661edfc53ecf85e4dfb8768541a6b3583c51d610b1e50

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 20:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd1dc4e23884adf656a065ecf54eec26_JaffaCakes118.html
Size

83KB
MD5

fd1dc4e23884adf656a065ecf54eec26
SHA1

1242d79100a3bf0a4cf5e38f473bb2826f57bbcf
SHA256

d88dd6ea62e5c764b2a661edfc53ecf85e4dfb8768541a6b3583c51d610b1e50
SHA512

cb1c5816b00bbc5936def57eaded6d08e41e4e4d57f3173c405108443555c88d9e3a5a516b622dd8fb40ee758c9024b6c44de1b8ca9fdcdc9426972e1b3da076
SSDEEP

1536:UCa+dqewbBrHY7S8tJ5DIox8e+/C13BNRrbvYK8UQ+sCYr:3EewdUYK8UQ+sl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
712	msedge.exe
712	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
712	msedge.exe
712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 4188	712	msedge.exe	82
PID 712 wrote to memory of 4188	712	msedge.exe	82
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 448	712	msedge.exe	83
PID 712 wrote to memory of 2980	712	msedge.exe	84
PID 712 wrote to memory of 2980	712	msedge.exe	84
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85
PID 712 wrote to memory of 4756	712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd1dc4e23884adf656a065ecf54eec26_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968a046f8,0x7ff968a04708,0x7ff968a04718
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15515447245867290807,9544359610656569305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
883B

MD5
60fd8c277ef15408a704a567f817455a

SHA1
63ddea3a321a40a5c661783ca2533aa548aacc69

SHA256
df8789b1ee879e71ceaf5d506328ea126499753c33165c2456991f73c8d43acc

SHA512
25324b7e762f622f874663c3c118fd2e7aeef8a400018e3b73c2c6952e4c6a7286e96db1c1e1190ea59debd05aa0ba742fd821b36df1e41334dbe843da33c1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b21ce113bd21578d47295197f930c2a4

SHA1
bbcbbd944a5f68dbabc842e4f880eb7601a611df

SHA256
c6d8a4703c301610d60c03ca9c7961608dc65f2b5e1676d339ab6113f009e326

SHA512
6e34df5c30378174b35ea66c6fddb054a34979f6eca1e5f6b7840525fda9c851c0bdf684aa24d36ba2941a0ab1625ab9203e1d54a32a8ab051d40dc77463c956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1f974042a3704fef564b5e077df1d7f

SHA1
a2bbc792ffff4bb19765246a840945d35728d66e

SHA256
a1cab1e22d8227a2f153a41714177bf06c011a0d05f54490d67dc8da3ef5963b

SHA512
383585e944d1135b0c202f544ff14b20484602a6fa53717e7cd52d26c0daf9389990c51d8f044e3a2b9a21cc7a8352e0380494b80d482267f4b91cc2833a865f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2288c306d0f194069969c3ae1c0ca414

SHA1
a4d3eecab0773c3f97594c26ee04d3963f9b6dd7

SHA256
54dab0f83677b535355e63840503b3d24a30c009c8b4a6535629faf27c958d54

SHA512
1a5f0763349f58cacfcd75f2436a6043ed697565e7d89c2107bd2bfec420d8cfa282aa51f3fbadccfef18107ee971c0876d6e83122b89cccc0a5d0854d0868bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
19c2342f260c4b6cb7fb8dac004b1ef1

SHA1
c8b2014d679f24d23f1bf0c6296873235d983482

SHA256
3a7079fde43b2ed7a13125906318fbf9201ff0e08341e98d7b6047af691a2f2a

SHA512
a51d0461e035d0820a4c1c6c13c69f49906ff3f82386e01e638d4d4271ae5f4e2937551e5f65c79c1cb65a27ec21c1e129d72c135181984d18a4c508c5983dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
04a0318892c576ec4ffe9df5472ff2ae

SHA1
82652708c05f5525189dd74c404712ff8657c480

SHA256
a96d9f2f39dffaa924ca400d50ad8ebd8ef10f239b0131821b6e062b6657bde3

SHA512
49c1d5a10432666511826eb3ba98f68a0faeaaed9afc0a748cca9e80e2052e4bb749a25f47b674d548b573e6df3fd245b5203452bc15119d76d7ea533dc5a34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804cd.TMP

Filesize
538B

MD5
0bbf28804e4149a6976b70ecf44f7473

SHA1
da8d1723a1587d6ed54c2a2d1fde2f8a246ee961

SHA256
2e36e0d0849c42e0909dce7b21a6551fbaf5568e1327d8310ce3dd8137b9313c

SHA512
123515953d3baac4032b9ec1f0cfa5de940aa830c42ccaeb82e46dbb1856ee8a2f702b5bcd4cebe4b25cb6e827392f69094dea8ce1ddc884e0e4aca62043f178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
570a6ff5eb44d48bee79789cc439b5c6

SHA1
aed20b82a0a58cf670f18f571a5dbfdd4aa3a96e

SHA256
779652370473777f7388ea8395b86f3167210e04a17bf1fc7b2b1d3017e39961

SHA512
6e580060ebbbaa04296bc6f44b10cb07c5cf359420d1203b9baf88655e252ed113dcc27e324945d3f29601aa80985e2bf3704eb4f00a14def600e52870196b01

Download Submit