be64cb0438360f73d84ae818dd10e42628b978a53a4948595eadfbfe9d871aeb

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

917387bb066306477f16d7a717250842_JaffaCakes118.html
Size

2.3MB
MD5

917387bb066306477f16d7a717250842
SHA1

b901063f0525ece14367f4e31b51bec1c02002c7
SHA256

be64cb0438360f73d84ae818dd10e42628b978a53a4948595eadfbfe9d871aeb
SHA512

0216dee86a5b87bb609c588b7ba62763c9cea376ae4fb858486d7fb7a649af05bef626473c951f6cceac139e591add9adee0c0374493e8fb7571416dda44e8c3
SSDEEP

24576:x+Wt9BJ+Wt9Bq+Wt9BP+Wt9Bo+Wt9Bt+Wt9B1+Wt9B5+Wt9Bi+Wt9BX+Wt9Bz+Wv:i

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
316	msedge.exe
316	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 1992	316	msedge.exe	84
PID 316 wrote to memory of 1992	316	msedge.exe	84
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 4012	316	msedge.exe	85
PID 316 wrote to memory of 1640	316	msedge.exe	86
PID 316 wrote to memory of 1640	316	msedge.exe	86
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87
PID 316 wrote to memory of 1216	316	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\917387bb066306477f16d7a717250842_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1e0146f8,0x7ffc1e014708,0x7ffc1e014718
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14493806036672275878,1788625617840565127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
e550336db721c24c787c1e801b5946e0

SHA1
b3452d1e9c55b2e1c6d511a0ea6d25b02ddeb3a9

SHA256
3582accbd400ebf64d632e7c6fd432e03895f3a42f13a91841e67c29cb8f0d69

SHA512
bb0009e0d655a606a14f1bafbd864aa9dd681395c745f9a66dd391ff29407078e4e6754a9a50a042b6e3d0b489a691f8e7317dcbeea72c9f3dcf4cea7dd6c769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
450655fc85659dac311c1b28b04f5a14

SHA1
ee2281afe3ffe2e9b71e1e852b92016939a37659

SHA256
f20b2d8ee0991bd10ab538280fe28a6ea753f9b4ab1a9642cdf9f9e9ebdfe782

SHA512
707520322e5dd0dc232192c934e5d9cecf5de8cc2a48beb02becff06134ea012d56a17546ce90b58b13e0859494fa1579bbdc647c39c60e1cc5253aa5aef15f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
174e13c0b567284e170e7646f2e71aa3

SHA1
b75fb1d09af192c8b48890f57d5d84c93a41355e

SHA256
4a0851f4196acd6b35874ca82738c9620a947acbaf92808b1991e9391b55b185

SHA512
53c09197f0e194b96950cf9394cf7a3b6e4ece85c52317ecc179c83132406373060288a78c5c1386a66e2d6eeab78736db1795547ce12b545782a30662a96f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2231806c77c5883a01d827a6d42e1e64

SHA1
4027cb43887f8bb854a74cb50dcc8f090c277724

SHA256
a5148e197f05b9de3c9fd2ee0e27957700340c1f05d7102c0538c0965e2da970

SHA512
62a73d07c90202f0fec68d69c48823cd85ed2f2f6ea99cdf59644898930e6206ff0ad3359b3cf3eed0be0586b045e74f4d69698b6c33c15acb00c9dbaf63ed98

Download Submit