5d5cc542c1d86141f2cb40517a224c161ec2461ff138cc2face259afc33c8e54

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43d4b8868801996add5df00c260bc08c_JaffaCakes118.html
Size

139KB
MD5

43d4b8868801996add5df00c260bc08c
SHA1

0b9d4ec7cc7cfd83c130418e8c94be38ce412326
SHA256

5d5cc542c1d86141f2cb40517a224c161ec2461ff138cc2face259afc33c8e54
SHA512

39111c005b92b4ea5c5135988293a00cf1366313cc5b4774bab788065ed1522721bd9757e1e4e6db00ade8ef142b00c0b2617d887c91a823008ea943f876fb4e
SSDEEP

1536:Sc/9rfWmf6AWPybMqYhSElnayLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP9:Sc/BYayfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3184	msedge.exe
3184	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4164	3184	msedge.exe	84
PID 3184 wrote to memory of 4164	3184	msedge.exe	84
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 1612	3184	msedge.exe	85
PID 3184 wrote to memory of 3808	3184	msedge.exe	86
PID 3184 wrote to memory of 3808	3184	msedge.exe	86
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87
PID 3184 wrote to memory of 4012	3184	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43d4b8868801996add5df00c260bc08c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8885846f8,0x7ff888584708,0x7ff888584718
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,259534074519956019,10983339599985443323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dd1f55e3510f42c422a21c346c60ac7

SHA1
33a1ce50639a6c8fd1a6e39cfe0661d168c2ee86

SHA256
1cc33d7ba3eae8164e7d57cb1c6c0a1bb5e82eb051d5bf0ed7e23f58704df762

SHA512
322d1d49ad75415b14eba2e81c99ce7021b6aa5d2f648179ed92c3afa76cf72e56dc633b8686e4115b9fb188a012d4b41d6bde17bed4b352c8638d66cad53d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
397d766102cc25ccb4cd1960e9e24481

SHA1
a45e72bff70247bfc1bd7ce2697ce70fdef51f11

SHA256
96cae09773bba11e0187e005e188fa127ba30e5b5c1d53494b19c64dd8937fb3

SHA512
a5ee168d80b6e031dbe99890d0e7be6089c6bb847c4277303ebfaf4978176a7a5b3b5bc8231db2257009b0ca3d00595bb3bf0a52087231c662c48d5c222fb2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bff588edb4e3addeb9ba4c5d43115a7a

SHA1
45f42d9d0c5ce1f8643cfbaf1ee41a2bec9c5daa

SHA256
d579e8c28dc5b9a7083c337b725240e53294e79c7d7c2ad97267293cc0098751

SHA512
97f72cc3f9097856ed36a26f407254ea975966beb874e293ddaa7ec1c9a3d423a5abd30cfef68de54a7649327dfdd2798f07fae4d237fb67f3c90c05e241a26b

Download Submit