6dca353c094a2584bd31d519dbca6b32851a42213cf60ddf23786f6a805d2eb5

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52b5042e8ef96633fc51fcbbf8256c9f_JaffaCakes118.html
Size

139KB
MD5

52b5042e8ef96633fc51fcbbf8256c9f
SHA1

5322c33235d3f929b1d2472ef6c24c047560b070
SHA256

6dca353c094a2584bd31d519dbca6b32851a42213cf60ddf23786f6a805d2eb5
SHA512

72adb16a4922a26d3102b2da3d90f756cb09f42bead7b22f1977942b089cdf37b9efe0f424602f7f643aac3ec1e7c70fb001c3edc149ed453f7b7bfb5f0a45db
SSDEEP

1536:SvXKG1PArbnyGzoNJl91GcyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09M:SvTbHGcyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
4004	msedge.exe
4004	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 1028	4004	msedge.exe	85
PID 4004 wrote to memory of 1028	4004	msedge.exe	85
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 536	4004	msedge.exe	86
PID 4004 wrote to memory of 912	4004	msedge.exe	87
PID 4004 wrote to memory of 912	4004	msedge.exe	87
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88
PID 4004 wrote to memory of 452	4004	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\52b5042e8ef96633fc51fcbbf8256c9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefb2f46f8,0x7ffefb2f4708,0x7ffefb2f4718
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13906692762824396106,759289092219718885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4313965cb08096c0d247cace990a8028

SHA1
f29762591e6a6a7941d693ffd188951555c91ee5

SHA256
81656eb0533d7889840523281998825424750b2c351ebf94206b769b2a7c6b5c

SHA512
db8e96b06465045f5252d2bd31295a8b472afac576daed5030acb73c7e29a3f0b8ed493397a04e81b4121bbbf73b28e22e00a8617f32e405fcc472bb82904fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc626654eec20452c33913f83f16fc44

SHA1
43b844dd99a14792710cce57a1db93dd2548a20b

SHA256
b098b58910addb423a0dcd8f17fa7d86ffd6476f15572b7c44453c8fcce8238b

SHA512
79340a1ef016aa7fdda45a38e42d7b4de262ae51a0864569b89362599db600cf5242c833ad57281d944554e406f9a7c144ae0648806f423c19e1a61432708e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b57aa64db3c8dae9043214099d6aa43

SHA1
5c436365518ece6e5f725723e5fa17224a261c4b

SHA256
cddcbab3fe805e06d7d19148097d60682893c99c7cff66a92fc33a8ee03908ca

SHA512
92bd7d265e83d499074ce97065f0e0e476040c0ff6493a0f83b0c12d43fc5bf3bcbb2c7fcdf18ac2931be852fd7c5f5ebc2631d1aabb95416f62dffe83648e80

Download Submit