05dc2b15e8e0cdcf48a3097068968829fa74576da338757278a2a206a6882786

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43bd05203a46719af9969d1a81ea0d8a_JaffaCakes118.html
Size

214KB
MD5

43bd05203a46719af9969d1a81ea0d8a
SHA1

6afa81d2e46bfc11c2e4f58a0bd76bf22edb3267
SHA256

05dc2b15e8e0cdcf48a3097068968829fa74576da338757278a2a206a6882786
SHA512

b6779435a2a99e1df8ff9c7af63fee463711f5d74c704b83cf456f6527020a16cdf03d3e60f6490842b20abb45274f026d31b3018aa450bc527c1b1874db837a
SSDEEP

3072:FrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJe:Zz9VxLY7iAVLTBQJle

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
3884	msedge.exe
3884	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 4264	3884	msedge.exe	83
PID 3884 wrote to memory of 4264	3884	msedge.exe	83
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 2100	3884	msedge.exe	84
PID 3884 wrote to memory of 3972	3884	msedge.exe	85
PID 3884 wrote to memory of 3972	3884	msedge.exe	85
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86
PID 3884 wrote to memory of 2044	3884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43bd05203a46719af9969d1a81ea0d8a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa569546f8,0x7ffa56954708,0x7ffa56954718
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10334890226460155658,15112197833246753767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06364081e6926c92cb9524f4a9cc01e9

SHA1
d111df0e1fd6e04a1bf5e0d0c89b3a0cca47b369

SHA256
eb71a403cdfc6545a0aa36d638b5c24000e74ddc037fcaef5db8e2c0a27045f3

SHA512
c70c3f69f7f68a292fb4fd55a06e0bef5abf9a204e8e0b0648dc9111f31b710fc2598eee068cfa5f276b549320f5d54663f939ba796aa1787afd30859b4712d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86867176a59bfb8f511faeffe5d2b677

SHA1
21e4572599595b8b08c5ada05927497e62dd0c9c

SHA256
4b7ad0ecb07489f1708ccadd49c3bc649d7b785048ede9b0f5322a682ff0cbb7

SHA512
b7a3c8d61bc7876032cbe9786f005071ef33f91ca019c9f80df3f2a06bb0fae027cdc7f508fddde1350434bef1ba943feb25f19ab64664f071c0eb2b84ddd9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d15ed391588fe5ee3e797306143e1aa

SHA1
0fe15e41106b389dab1a606d2a520b785382a6fb

SHA256
eeb63d58621a2b73e9267601f65fe50228ae0224e568a151c27ab344ef34eb20

SHA512
9656daf56b4a8aade773f5a7e468442ef378131c33dfb57d383d6370714498193888b4517addb307567f6050ea9ac671c87f53da5165a03b87579e0ec1a2f85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2767acf6e0218306aff25d2008362c8f

SHA1
32b928f9d81d0ecd7cd3fe72bbf7c661aa00b6e5

SHA256
3a110c602d9183f374801a5047d0bad45b88e1f6855f0a8fbbad9255fdf17e8a

SHA512
e34c44990052eedca97f8cf7462a0f9c73fbe09c589023195167cbfbe910c572dd72a6a17ff5109a063da2434477d2e9956500d56913cbf0ab051626a933f3f3

Download Submit