a8ee13db4428a15a608bd0f20c83851e4b47217a823fe7b302f7677cfc7dfbcc

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
Size

11KB
MD5

56d1914d48456b7d7c4fc17a5f51d5d2
SHA1

984c844579c10128ba2303199cc154df9621c485
SHA256

a8ee13db4428a15a608bd0f20c83851e4b47217a823fe7b302f7677cfc7dfbcc
SHA512

d1e90f89e062e68eaf6f47a929b76dabba2bd3ad00c881f28be6966ed30f68f88ef5ffb1110da4d6751998495953db902da8703d23f5848ebeecf8feae7813af
SSDEEP

192:2VFlIsr03MN8k/w1wvqy/B5AnRvpXkf01fRLOXuBuLbdU8d:sFlIcuMv/gc/B5AnRvpXkf0ZLOXguLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
4200	msedge.exe
4200	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4200 wrote to memory of 1384	4200	msedge.exe	84
PID 4200 wrote to memory of 1384	4200	msedge.exe	84
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 4556	4200	msedge.exe	85
PID 4200 wrote to memory of 2044	4200	msedge.exe	86
PID 4200 wrote to memory of 2044	4200	msedge.exe	86
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87
PID 4200 wrote to memory of 4764	4200	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\56d1914d48456b7d7c4fc17a5f51d5d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa202f46f8,0x7ffa202f4708,0x7ffa202f4718
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8423488142484571881,2216844794002056040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ac8b294cd0c77eb66a11f3c7db0998e8

SHA1
b20e74602a4c97d1687391e6a1f65c4599ff3ec9

SHA256
20bfd8045f1d73427dd22b47394222d7f9ccb48df8d0a6d8a1977cc3ab3b9b0f

SHA512
c9d51c55a9dbcf12ed3cfb07865c4df7fe1aa1762d16e57d79d9578dc96774cf9d4e1645cb235a07eba2e6a266b8644ca2a228726f91f390fd3ec1fb5a217c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9466d659f5cfa4f19d4bfb886c8b5356

SHA1
28213ecaae7aefbdb5dc0d4c5f6bd4208b58558c

SHA256
9d6c7adde91566ff1d84deaf14fa8086a31b0a5c4012094ba049eaff79fbcd42

SHA512
239fd838ffb11b67765dab24a7faf242ce65f34a9fbb6e6725ef98c9fd309093206ac8ecca5f220dbfcd04e4378e07c718189306587de07739c6129be82e8ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05b3755a46f5b9da1e349e89cc535a08

SHA1
4cd77a85d2f16c013fa327b2334286bac75d91bd

SHA256
f9c7546f3c0679b4cbb723e5f0e97ca00e0078abb04213daa968cf1cab501e05

SHA512
cf65a050915bc918720e6290b9c377a7d507f89ecb2d962208a0ffb8aab39b0ada6454bf383a892845d74a2982a6820e29dfd9180a5ec39d657e0951f6b9102a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
848570278ffc682eda95f724b712eb7a

SHA1
fbcf6a452ce6b283382905f800b9e41b267738fc

SHA256
3473b4829b899b82e2627dde35216374f258bfa919f0c9073adca615cd463aa9

SHA512
c9d0d5df7c6a98a6ee959e379d616a7d64662576c05d389d1a9e27ad3143981bd1c13efc536deac96ab5721d954fd5aade8b171de4d48defb897a9fe811c182e

Download Submit