52480575574e57a7d743b503b8e31662ce469f3e13a9b319d8b061a4a64f4621

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 11:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe7a1e6bcb7bd009ea0edac1d1bae2b6_JaffaCakes118.html
Size

24KB
MD5

fe7a1e6bcb7bd009ea0edac1d1bae2b6
SHA1

8a656645cd9772cb463d982b3e4f83dbe2ee73f1
SHA256

52480575574e57a7d743b503b8e31662ce469f3e13a9b319d8b061a4a64f4621
SHA512

d2a366bb9f808fc9f6a8064de728aa7d486aa3f2af4c217ba62ca577c1a3665639700ec0a00a1847d826be3deb9c41b535321c50da90cba5d6bf84a8f7cd1f36
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI14tzUnjBhPR82qDB8:SIMd0I5nvHNsvPaxDB8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2060	msedge.exe
2060	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2960	2060	msedge.exe	84
PID 2060 wrote to memory of 2960	2060	msedge.exe	84
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 3928	2060	msedge.exe	85
PID 2060 wrote to memory of 2504	2060	msedge.exe	86
PID 2060 wrote to memory of 2504	2060	msedge.exe	86
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87
PID 2060 wrote to memory of 1952	2060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe7a1e6bcb7bd009ea0edac1d1bae2b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa06a46f8,0x7ffaa06a4708,0x7ffaa06a4718
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1028026387752268927,18249742470315142398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a63b144aa2b87089e2e758847ec7d62

SHA1
c4714f9a9f28907094e3cec365b7ae3d5407ab6c

SHA256
5f49404026230088ee0839576555d92a099a834021497e9636578e3a4601e34f

SHA512
9778116addc96a224a4046520a16f425b8fe20312fa185d6e5aa154e1b71725a3cc0ef1464a22faf1112d2d8bc707a4f8784ea6fa3768bf4fcdefa3e2b1ed69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b5537e90b017dacc93e45d55d73d3ae

SHA1
2ed2f6a55025e907964b9357042e567a425e1cf5

SHA256
c1aa1b4d02041087f0afb714c7e6e71b5e5d5d565cffba50c0f6918ff299f5b1

SHA512
04ac4235893ee07e5ff4662997fdc238df278863d2efffc9dec0e5f772c01b7694180d10638ea3dd0b66b40fce4184219f162400bea93d85236cae42fec7c890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7644c111b8ca37f1b2079a03204e0252

SHA1
62660eca052c86db6e010c849e675c8958bff374

SHA256
8f618d545e0c650d74ae5c695dd0841074c192d7a444e34cc6b53f2ce715c4aa

SHA512
c2c98a7d9ae93585e8fadf2c4389f47aa62b7f84be3434c9d8a95ab1f42ffbb1ac021dc94047c32efe932e46efc5759ff6e604f98aab26606fa9398d41bac84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11e1a889fda7d4cdfda4951c9091956d

SHA1
6f3d7a44ae0469639e10a06d5622124d569d9d6c

SHA256
6362532a6c53b54559654496243f3841f110a81ff82f1c5a0359c04b1d54c2c8

SHA512
87910e8932ca61c1154f41f56be77bdbcd3c3baec7b77af593f20793d7624a260f513a54fa20b5a132629ee105c35b61281f8a0461ec145c29c5d291ff0ce204

Download Submit