928cf96926cd72b09367c71a3499dc4a5523181c0a0624809c09f02d6a04bc11

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37d48cd724b395a6f6ab4f0eabde0d0c_JaffaCakes118.html
Size

214KB
MD5

37d48cd724b395a6f6ab4f0eabde0d0c
SHA1

4fa7f88c6ac7066d41e43b7c08178c43c4d58779
SHA256

928cf96926cd72b09367c71a3499dc4a5523181c0a0624809c09f02d6a04bc11
SHA512

61a2c8f3cac46917d6fbd2edb1ccb1e72bb058251af5032bea7436377d59f6e62dfaca7b9da6466e9aba110b9b721831d496871b52f90b39c215a46f217a0759
SSDEEP

3072:1rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJw:pz9VxLY7iAVLTBQJlw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1616	msedge.exe
1616	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3080	1616	msedge.exe	83
PID 1616 wrote to memory of 3080	1616	msedge.exe	83
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 3652	1616	msedge.exe	84
PID 1616 wrote to memory of 1264	1616	msedge.exe	85
PID 1616 wrote to memory of 1264	1616	msedge.exe	85
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86
PID 1616 wrote to memory of 3696	1616	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37d48cd724b395a6f6ab4f0eabde0d0c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6530502011771812226,6769717724277465403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eae1ed739c142b8d9f2f0ad848dae502

SHA1
6d8c5a373dddfb7be627669b9e2baee00385d232

SHA256
262c47ab5b90b9d5cb60c4aa4fbf63122afbbbef73d5aad554484209fbb58ca7

SHA512
a771d44860dcbc8dbb540b5d1a02e4af9c5d5997d9f5cfc7a0ee767f26d4439bd512395680661e3882e41ec45fc328dec919cfc8b9bcf9582c48e774647418cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d22028d447ad7f7f4274c5f0e42a36b

SHA1
5511ae808df0b002925b398f202b871fc3486649

SHA256
85f8397d3342a3e96218908cac8cdaedc475fd4daad64b4717741020d3d5a5c1

SHA512
115793fb2691bc64ccc747ef1cdeab0c7c6d88537f06c7a7c4a39324870d98cf42dff579cc9e9c65aee7735d2cc7fd254d3f375774bafe5d08c1e85a754a0eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc33c6c4ffcd1df342b1abfa4af2df1a

SHA1
420ad05e4152ede7498a7ace2c478faa37a6053a

SHA256
8f51427fc99a8130ea71e79941f2be5f8888eb4201a04e3b2a83453132aae3ac

SHA512
85891a59fddcfe370ddf518f443acc5a6f4eb97a3985d69a361d96b1bab13a3c9cd508ecfc0da06d6fbf94b58d45833c3a2857ab89f95f7c705bab8a74b42552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56e496cf87361c1ba193f0bbd488840e

SHA1
50e9876426fdf77c60feb34eff0977ae0f77d473

SHA256
f45f1214f28a6c94c2a79da13b011248aa237bb2a75db484c9db44c3abf71f78

SHA512
8a548a07944ab756f99388e097af744ed09447d35ca49f3f753ad0be6e7a688479af44101e51e9e06217643f8884ad25428a4c58a80751424479b3ff0857e893

Download Submit