5bc6eae36cbce0ceb73182cefbc521c51e3c3857a2cc7e7633fd8b3422b3d8b1

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd7416cef6404b1c0205897915848b83_JaffaCakes118.html
Size

120KB
MD5

fd7416cef6404b1c0205897915848b83
SHA1

033c05fc5b1fd2cb50b146a2ee378defab3d3c8b
SHA256

5bc6eae36cbce0ceb73182cefbc521c51e3c3857a2cc7e7633fd8b3422b3d8b1
SHA512

8982329c51575438b25d0a343e4ec90e60fc7fa70aad4c723a260cc23e229a10ca406bda7a90feb341415e1210354dc9a9600fe3d980da266906fdfd63e77efb
SSDEEP

1536:eLcXtcTUp8YTP0eZi96ACpWLCE433rs/doO:ntOUpPiYAC73Y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
4848	msedge.exe
4848	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3460	4848	msedge.exe	85
PID 4848 wrote to memory of 3460	4848	msedge.exe	85
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 3344	4848	msedge.exe	86
PID 4848 wrote to memory of 620	4848	msedge.exe	87
PID 4848 wrote to memory of 620	4848	msedge.exe	87
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88
PID 4848 wrote to memory of 1424	4848	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd7416cef6404b1c0205897915848b83_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6587184224304029475,14944668764867379975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709c6f4a32b317f6487b598788b6353d

SHA1
50f44d43be9630018f0bd2acb1528df07cd05b7f

SHA256
353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b

SHA512
4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebc024cdb324eb41f33c6ec63d1458d

SHA1
f623e96981ee63c1b6879f682c4364fd5c2265e5

SHA256
23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f

SHA512
6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e84338d02b547e007ab0440018a9f0d4

SHA1
5d7c2dde447fcde531c3072c3e4253f7c00d1d56

SHA256
6a73a75d039691b5e22c2a836cfbb66dc66b1f03d28859f9fd847a5e66aafe4b

SHA512
9ce52e96b9d8a66719b24fbac12b3ea8b521bb0ddd982cf47795cf492311097da11f358c09b2135beceea5c1046662a572c726fe2751d2bfd4879c0e06215a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fd9a132014023e2c2fbab3275e0a5e1

SHA1
3145eb95fbeccc747884c666a44a3f46c288ca0c

SHA256
ca5dc55d519819b65d6d359391e3ecf9493be7d4250faf89a1165246fa4a0d03

SHA512
0979498c8ad13913facbd1d1f2d42e670e6f0b4d31ad513ad12df65310e0429e6f8bcb11141c7f088af815718ed236d0187a6ed4b7fb77a05c066b3178e5e289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
494a861dfe3fb61b7f6e9a8e1f92d179

SHA1
903db9c91a888cdd2a359e921ea2c1a958228aa9

SHA256
46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690

SHA512
f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c9e7a953e6862f542007e2c26d714f1

SHA1
7fcbbfe4cfa698fcf9d93a2c40d54dd9df335618

SHA256
926797b951021fd793f167ac2fffa53ca8d9bff2609b0f1dbe8add2667ec23fe

SHA512
9edef3bca8d2f8a71d74be4b6649e0b13ce9953901fa8bb985b0f3605b42bea7e796814b4de950052333f18e1d817955db7ae636e0d6f73825fa5a11bc0e2a59

Download Submit