649f58f04e5c4153f259a3e192353fa2e80c2b4d8b190357f0d22d92105ea493

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

410c4bcbbc899b6a5fe89a64f1aa1510_JaffaCakes118.html
Size

138KB
MD5

410c4bcbbc899b6a5fe89a64f1aa1510
SHA1

8fe1c7e0a1b0478e57f696882d55bd5fa92e94f0
SHA256

649f58f04e5c4153f259a3e192353fa2e80c2b4d8b190357f0d22d92105ea493
SHA512

5f66408dc4166bc71a6e276c49a9a1458b58315d9d92bbb4a8b6806b378a904635e2fabd6074f486b810c338a6aca7880cf7b332326ad0104c1d74c343b8c513
SSDEEP

1536:S+V2DNRc2lyNgyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:S+4yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
2752	msedge.exe
2752	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 968	2752	msedge.exe	83
PID 2752 wrote to memory of 968	2752	msedge.exe	83
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 2368	2752	msedge.exe	84
PID 2752 wrote to memory of 1132	2752	msedge.exe	85
PID 2752 wrote to memory of 1132	2752	msedge.exe	85
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86
PID 2752 wrote to memory of 832	2752	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\410c4bcbbc899b6a5fe89a64f1aa1510_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac05146f8,0x7ffac0514708,0x7ffac0514718
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3895170554546034779,15854326082171394827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae1a3538805e6598d1575d5dac2db907

SHA1
1c0d18e950124d75c3d6fc50ea5291d0f5f94954

SHA256
c10958f4b9e14945d0241f183eb17cf7973d2714a102b432546e3f785469529f

SHA512
5647a8bbfa40c96dd681f707b902fc3ae29e778fe100e1f7417c4b07a709f342843fa7eb4b1769c5adcb631a358469e9f88055024d23dfea6b2908dc8b5ecf3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfd436d9-f6c4-456a-94a5-d0ea2c928c06.tmp

Filesize
6KB

MD5
a77ee138833ef4e343a1f8a5c5cd443f

SHA1
d0e5fc707b6bafcca236c74aa9ddb56a1491dee4

SHA256
84b37ba5f659a5e6741fec31a78678378bf825f524c10c5fae869d654600b2bc

SHA512
c3dc0acb5e87dd8df28a1d5cc2c2db718fc60e3765803b839cd2a73d7ed65b0a76c889c3c81c7b1bad365dc76524e81b6c1af8fbdb51b69731dd51dfb300cb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
72496ac2a0c10927215c4a48fdc0ead5

SHA1
1cd9f90b5455e159fe5b517243164f5873de8715

SHA256
041e875c068f053b33945cb2cf25a974939f22889de4430bd4030204e844277c

SHA512
3a73f09b9f82179521f1e59c2a89d1e6aecff5f1e39852a1459406d2452d2f0d222979d24553413b5fb311895fdda0bf8b29e010d027ce354748ec26abb12ee6

Download Submit