523eecadab3d1cc0e5ae1c0e7c649e33e5d125418b1ddfd318b98158831edc21

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 07:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

468236f425d1985fa1eadcc07f25166c_JaffaCakes118.html
Size

139KB
MD5

468236f425d1985fa1eadcc07f25166c
SHA1

e3ef024c9da0eb1ac837e67d1153b16948aaecc6
SHA256

523eecadab3d1cc0e5ae1c0e7c649e33e5d125418b1ddfd318b98158831edc21
SHA512

a42ae676bdce1b300e9e0ed92431b039b96799f73a17841e8d22d423cd5ea2da6922e85bc082578ff4d202ed19ec692568f384e6ab49ba60d286c5503536d992
SSDEEP

1536:SKSvcixehgmhw+OsuQlTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:SKS7N6yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
4088	msedge.exe
4088	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 1548	4088	msedge.exe	84
PID 4088 wrote to memory of 1548	4088	msedge.exe	84
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 3632	4088	msedge.exe	85
PID 4088 wrote to memory of 1896	4088	msedge.exe	86
PID 4088 wrote to memory of 1896	4088	msedge.exe	86
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87
PID 4088 wrote to memory of 856	4088	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\468236f425d1985fa1eadcc07f25166c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab28446f8,0x7ffab2844708,0x7ffab2844718
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,523664998965820764,15175265370917783124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
9d682ddfdb3cb42f98ed4e773b450a67

SHA1
297242b04727cc5a3d6561bba224010875fd119a

SHA256
2e0e79c8b62a5700a8a13e8cef75421343c7a58764ab0f8a13c0267b900325e6

SHA512
70d21c5f3b07e772b1b28416a8623575cd3e810923475286d27a66272ad2e6102587a0eff5faffc8061140dc1bbd3096dad1bd958e3ece132ecf77735ee9634c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
977b253ade2e7caac1bc55b14ddaed05

SHA1
5dbbb5aa90d469fde4b5bcc0ce3976cc413f4e96

SHA256
9b64d89866d6323bb1851ec18da2f71f96fe91a7ad797876a3010cca820a6c9d

SHA512
66c78db7d5ad20fffc8edf290525af49b948a1b4005b826a9b525ec05e00f95754406d8f182d0628c0f20050dcc52409bfcbb88d64a87b5ca2775537f4c1b41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8f6419201374da73e220f90983fae54

SHA1
32d558e299bff1d0df9174fa4f7e71dcf19bfaf8

SHA256
dbc69bffd64d3af3718978af28d1a6ca7c1d8124d5d7a12d4607f3a1ba14954b

SHA512
fe23d96ead010c3b2f96f985bb0bf57b63fa2c49af37f68d17f6c1bd5a2fedca5a7ec12cee9a1f2dbd9ba1b2b8af72dc762c917aa9a45a55b7e31939fa0434bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f864b2d204ae14c054a85e28c72fddc

SHA1
0972f71dcff9304573a791a84b13b17ce9d05f8f

SHA256
793c7223fe43acdc59612dc750e223a22a242d0a16bcd8463d5504b2512299fe

SHA512
7f4b6c612546310162f60bb1862c31c7b9826e42f7052bc40d1b9ba4cc446a454c257326d134bf00bbced35adb9939908195ddae11324fda364dee938c5a1ee7

Download Submit