1379bf71b14ff3956a33f4c7103a3775dd7af253f91bcef278f98f107133304a

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43dd00b61de26b0c3a6a6a159e3fe95d_JaffaCakes118.html
Size

32KB
MD5

43dd00b61de26b0c3a6a6a159e3fe95d
SHA1

8abd16c5fe54ca476aedf1d337ed62aaf01fd056
SHA256

1379bf71b14ff3956a33f4c7103a3775dd7af253f91bcef278f98f107133304a
SHA512

56b6d1f5ef857176cbbced7b20d6622631e195c7442001fef0b6234cf1b1c5e841c822db3fafb59e46961a225864e71198c0392bfd41dfeffa7ebbec8a90ea16
SSDEEP

768:djhLDJ9HE4qEEeuaPId8ZAtDqCQl1lzGEe9zyK5AaUjOHwQBYvK55+ViCpub2wVN:djhLDJ9HE4qEEeuamqAtGnrlzGEe9zyW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4992	msedge.exe
4992	msedge.exe
2524	identity_helper.exe
2524	identity_helper.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe
2396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4204	4992	msedge.exe	84
PID 4992 wrote to memory of 4204	4992	msedge.exe	84
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4388	4992	msedge.exe	85
PID 4992 wrote to memory of 4564	4992	msedge.exe	86
PID 4992 wrote to memory of 4564	4992	msedge.exe	86
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87
PID 4992 wrote to memory of 1880	4992	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43dd00b61de26b0c3a6a6a159e3fe95d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb34246f8,0x7fffb3424708,0x7fffb3424718
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11229773019516357312,5863946567690531816,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
3f1214bded795a71d0ef29b95cf60a72

SHA1
4277dd926cebc2d1c8166558e1ec65063b8e5af2

SHA256
1c1b013536486f1805a11e14c111a1d945068d97718942f3527c835ab987b482

SHA512
6ee041f08526af3c81fca39c567a35154f79a7596e103cf9888c00bde35ff935f8005265113c1b64b27eb6ccbc05e7a0fcb145611e1b0ecf19d02c47f507f22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee498fef10f9414fbfb4691233f4c7e8

SHA1
368e5068cf725fc1402b1fce6aa6e8d7f6a8ed87

SHA256
f8d7caa2e9fd507e2387d471e03f28c11fa669b27f16c4939c352eee152083f4

SHA512
22e9e43cffabe992b1721b236febd73998f560d644313cbc02d604685af45db748efab8dc152d34eb74387f61884614911c1aed7c013ca8fc7508022d56b8b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4efd4c2447587f96077b9524f9dd4858

SHA1
cf5495659d2e9af5c960d7eed19c5769a2b2871c

SHA256
cbc98a58e271ec1a3b368eccc20d62dadcafe62bd05b633b79220bba5031a1f6

SHA512
0c352235fadcb7aba2f42808eb10282e59253a3cb72603d1b998630dc088b53407056349fde330b0a536e66b0d67f8b445d6b1046bca4ce32449096a2993b846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3698ddc0ae9da785b507112e1c63850c

SHA1
a3fbdf2808651547a842191ab5883e1070c0d7c1

SHA256
6ead75f444b888a1be559d37f1e025ff290a429dc5b5f5d01e6436caaa07ba65

SHA512
3cd45233589e68515c7e71b0baa6acdda7350acfb2825efa75c72c56cb17c3c0f9abb6ce104a1b7c0ccc46b565d76596130ed4e497b315e7f4921492fefe06ba

Download Submit