5d6e197fec86ccacfad8b1a4151e0c9ee35b96142ab261fe1b02c0cf1a72dcd6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56a957fbb9e140c558005355a33fdf61_JaffaCakes118.html
Size

139KB
MD5

56a957fbb9e140c558005355a33fdf61
SHA1

f0200f0b618ef33921eb09bdfec57bc3e302aa74
SHA256

5d6e197fec86ccacfad8b1a4151e0c9ee35b96142ab261fe1b02c0cf1a72dcd6
SHA512

823598b7bb84c665374bd3c883b96367cdf5010a5905aebab91d1d9dc8162e4c64ee60c7861a290d1aaa2fe77dabb792f028960df2b4d4a574cbaa23dfdf8f30
SSDEEP

1536:SMWvcedbhzKE3H1NdAlIoyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wd:SMWLQyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
4552	msedge.exe
4552	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 316	4552	msedge.exe	84
PID 4552 wrote to memory of 316	4552	msedge.exe	84
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3984	4552	msedge.exe	85
PID 4552 wrote to memory of 3504	4552	msedge.exe	86
PID 4552 wrote to memory of 3504	4552	msedge.exe	86
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87
PID 4552 wrote to memory of 3600	4552	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\56a957fbb9e140c558005355a33fdf61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd769d46f8,0x7ffd769d4708,0x7ffd769d4718
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10255678885781602492,13932002412132247918,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
76eb3554c3916c3759f5fd9482cdb209

SHA1
7ba002276054ff2dff209f614408d80f345c8404

SHA256
1a0702d598a8478e8254e0d9503abfb22d80d470f9e86c65566ce05a3d5817c6

SHA512
3da902d94824f2454440c2333ad6531574f502dd895493222c1fa94e9573a0529f83b35d2272f4bfc462672d6665a61786b18195928dd0a05b2bb043504aa70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f0a8b294c3add6a3e66df8752327911

SHA1
607202ae7943dfa06671831e227e8187a33cbe07

SHA256
68cd40767ed2fce029b9ba6ae4884ffa7837b9be478fe35df4b081f77446f99a

SHA512
b465e5269751bd5d3380958f67a541abdb34018c81fa5b38addadc15397e7c56b56c9f9acc937b6194ffdeb0b7499cb8590c3ceeeaf2007f0a97ff3ae924e2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb4df3aef3526b4e2e08e580d61558e9

SHA1
7844193c76f754fcfbfd69f80b31d9b2cfa550c2

SHA256
623431cc4bb813ca8b73ac203e4089b2575ea09c8138db0c35c1cd1ab6f8572e

SHA512
61923d643ce7d2c8872ecbd1568212c5c6312296d12f80d5efcbe3d8097e1cb7f9b609365df25255e30826cab69606761bb6f1899654f0dcd38cff9018b5e14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ef20b85af36c3ede4126be854c3d1018

SHA1
5e222c23af1d682b71531dc42eeeca3fd79da6ea

SHA256
dd2b8f76afc60fc18571dfb22e82f3d310a30f771d444b5dd8b34e735cce2052

SHA512
3945a85b5a112cfb955d26e5ccae8c604400ee32845969d570167bf9a3ab9231ed5a3f275391215423b7e9d4a96de7ba216cb398af8b285d97a409b5b394d5f5

Download Submit