8570d6999f8a2d1831f425cdee10660772d483debbcfa14ef62a34a215979b6d

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 05:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fddafb4af03f855626cc6e98e14add9e_JaffaCakes118.html
Size

42KB
MD5

fddafb4af03f855626cc6e98e14add9e
SHA1

035afcdc4fefb60374199758e160ff5a26bf1e76
SHA256

8570d6999f8a2d1831f425cdee10660772d483debbcfa14ef62a34a215979b6d
SHA512

1ede9553989cfe1a2ae66d12840e3e69e689d9d468057e9fd522ff8a7d49d1f2ebe54fe83eda503de0255ab2bb8baec4591c9f4e84a2c0293c21c304c7f61cb5
SSDEEP

768:YsGPlV3Tli11AZbwezcSxzHGeWwwl7O+WNqEFbFY03yR:YsGPlVDS1AZb/zcSxzHGeWT2FYQyR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
3168	msedge.exe
3168	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3364	3168	msedge.exe	82
PID 3168 wrote to memory of 3364	3168	msedge.exe	82
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 684	3168	msedge.exe	83
PID 3168 wrote to memory of 4864	3168	msedge.exe	84
PID 3168 wrote to memory of 4864	3168	msedge.exe	84
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85
PID 3168 wrote to memory of 4908	3168	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fddafb4af03f855626cc6e98e14add9e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa10646f8,0x7ffaa1064708,0x7ffaa1064718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10799525377115756496,15142113444292321131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\930a72f6-45f7-40dc-bb5e-65633eb1f4fe.tmp

Filesize
5KB

MD5
70cead1e0e7ed521987e562af59737db

SHA1
68f074c8edac357f82aeb4c6ddb3e4eac1e97c86

SHA256
bc56b26379a5e4313c50595af661275e02f2984202104bce7817b7a71f2557fd

SHA512
bbc93f6322734af1d572e313554ed1229177c453928e30fe0dca9d706ef7e5d5f3141ed0de8c18c4493dfd94ac973896bc24bb95fd4720ffba0c1214e76a2def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
458B

MD5
771b3d979db82bb17d47bd8c83955fc1

SHA1
ae1f50b851900d50f9075efc479e6959e39419cc

SHA256
d66306de26a3dbd7d5ae08847f769aa3b72239b4c25eed498981d2880cc42246

SHA512
208e533d387168d8231825b6c11c11f139c538ab0444272acf7746518497f7c77e759fad63aa84a2f847c4a0599ade22e33cc1966c161752738fe345550f31e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e36c945f304545c17f2584b93e5a5543

SHA1
1131ae30d75a241285138dad2031c717bcfb9b07

SHA256
97f269a1994fe76fdcd3d0f65a58753bb55a0e2348508284dbfdc28e2f613643

SHA512
4b18fb6ea3fffbe6566d44c658ec4047c475f5bfcd8bfcbead2293d603121547b2522886604edd7e8ea22a8f0a949100eb678fde149c18ca66db8230e3381145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
762807d8a132cef431997b57d03909e4

SHA1
3900c063468940c7db2550887dc1c67e60086ab4

SHA256
d03eb535cc088609c42edcd9907797c3de4d4e3213208f2c77b2717dca198c4b

SHA512
50c984e80f4bf58e5688846161ff291446d554ae92f07520f2099d9a618308548283c548b47f11e8db167f37c09dc7372f8d325cf1bd0e2edbf45ad7734fd0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
82f6b7bf47e325889b864ca4a9d6bd2b

SHA1
28039c7140546d685646bae7861f4802bffeb559

SHA256
a5620b67a336bcb3899c2477d410a3e53f28d603f4b6eb8a1fe492ee0729e0b4

SHA512
7cbc7c07e5622dd3b0155a1abc01e2b874cbedd4864e39b3702b38ee4ff3acb86eba13f4a9b241dea4d28abdc83d3866e44c4e528e74078fc91fefed17795126

Download Submit