fab27dda15ae37768ed95c23807d26e6554641375083cc3c3fc38d7f206351bb

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3974565cc30f07e8c56347e23e5d2a2b_JaffaCakes118.html
Size

139KB
MD5

3974565cc30f07e8c56347e23e5d2a2b
SHA1

aa95295b5890ae3b60328c243c3b9027e4e712b5
SHA256

fab27dda15ae37768ed95c23807d26e6554641375083cc3c3fc38d7f206351bb
SHA512

e53c0120c1e1870ecb3827398b4b0b8b93ac0ca9dc106040194d83a5cac69ed170b6002146c1cde3bcbf6f16bd6f4e2330d336d92414bd28075ad6ec12f94116
SSDEEP

1536:ScRKMhgal6zyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:ScTSyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
3916	msedge.exe
3916	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 2344	3916	msedge.exe	83
PID 3916 wrote to memory of 2344	3916	msedge.exe	83
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 4056	3916	msedge.exe	84
PID 3916 wrote to memory of 5032	3916	msedge.exe	85
PID 3916 wrote to memory of 5032	3916	msedge.exe	85
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86
PID 3916 wrote to memory of 1944	3916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3974565cc30f07e8c56347e23e5d2a2b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff697146f8,0x7fff69714708,0x7fff69714718
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4773605376279459472,5605033146378926935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e6f1ee4f2e0aaebe568ac7e286038dc

SHA1
4aec9bcf065799b27e24aaffb7deb4f3e21a855a

SHA256
fe415dc734a240d2afe9a4f911869efb16186a1cfd3fe84200ef8762938ebae2

SHA512
fb3f916fa3be5fff7d24965d96830d7f1e3665ef4b11a2e7cad52f375a12c234f3de12458ecf6b2304acec9769a582943573861b1d73ee2a2d656876295484f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40d2c5beabb8e09f0a73801d605c368b

SHA1
daa28c5fa1468170ad73593833b24266ffe9a307

SHA256
7c47a350d441e060451a6530acb54b51f5ceff59edd7dd670ba4c70fd4cb1e11

SHA512
b993450ca519bc5187f0d5c29bfdc5c857606a35f58deb5c51ef5fe32c41a3e4d5036e912d8c8b016d156d193516d6158d29414966073f00921c4c3c654954ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33ba4e6dd0556dd9a3b13f8cf1eef92f

SHA1
b827dc0733ccd62acf7dda2e67d53d46f2f78fab

SHA256
d25a8635ca88d51bc88a3cf746b530b3c50b2e0367488ae6955b5af8c83e7bfb

SHA512
159e1e8842977f2779c182d09bdb928138fd1e213b6bd3ae44fc52a032724493835c3ff717d4cc01a0b35481c3c71e7b58bb31aa578ee2087e74d134ed9dedab

Download Submit