b248a2e94c33cd06c416fe197a17810ee77741e54d021a4297d3e58ce29685fc

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b160a88a629fd3b1d06704bc55ca883a_JaffaCakes118.html
Size

136KB
MD5

b160a88a629fd3b1d06704bc55ca883a
SHA1

624f0c8d30be3f03d64fefc3d2850ba45544bbeb
SHA256

b248a2e94c33cd06c416fe197a17810ee77741e54d021a4297d3e58ce29685fc
SHA512

05026e47c887db0f4864b55427e9cf52f5acd483d8b7eee9c1ff10a6582bbee8513772ddb90344c0d8b8ed1c1e745956f0da0d0db24c6e00920dfaecfc35b861
SSDEEP

1536:2iJEEJXFAvTCDrnDD9BVZfkj/f5w4w+i2:2oJXevTCDrnfVZf2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
3480	msedge.exe
3480	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 2516	3480	msedge.exe	82
PID 3480 wrote to memory of 2516	3480	msedge.exe	82
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4896	3480	msedge.exe	83
PID 3480 wrote to memory of 4964	3480	msedge.exe	84
PID 3480 wrote to memory of 4964	3480	msedge.exe	84
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85
PID 3480 wrote to memory of 4800	3480	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\b160a88a629fd3b1d06704bc55ca883a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf92b46f8,0x7ffcf92b4708,0x7ffcf92b4718
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15590013315910775404,15445391850471104735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
d8b647d7fea8029231e84b1d50fd0bea

SHA1
f40d05ac946d9cb83e6038a02b20d1ed22cd92b8

SHA256
d5b9c3c44c9de25e8c4fa55013bd1d49173428cd3b75b360ba52b23566a2a3f5

SHA512
83ad9156e4d3f07298cd4ece341f608ebc856f3f505a225fd2ca56a1d4b0d5ac422389e4ae355f1bd89d0237a8b0759f9afb6141b0e1e05e27f143f8a009d121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b66e9981cf9f280e01f21c460c149b0

SHA1
ac162e632a7babcaf293412d5f8b3429e0a7a00e

SHA256
8f92c0790bc11ad58a317b3cceee98a841d809c2d182e2d87a3f7b69cd0a749d

SHA512
3142f5904b73c12777fc4b1b5ea56684dd514fcd94d4a5bf616ea891f05729a155e43d87faf9a6979c589246844ec47d051682d31d6012094e583c81a959b990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de8e99973036142cdfb8d2acf25a2df0

SHA1
d900de5a4e370e53b83324293a901ac568375606

SHA256
17ac586e24f8598ab5efdf3bf1b715fb36432eb9dc8e80692f72d0ad0beed374

SHA512
c9dd1dd21b19942409fcb780efbb4693160a0e0aa2e1c3dbf63ab3ace7162f19c5025fca3db3e069dd1f3a36dbea5d39b6cdd2033c3a9390b2aeb7ad420b4b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39f2a9c56a2b3126c4be350fdb3773b3

SHA1
ee74b333080f107bcd16a04b08da9ef2c5706701

SHA256
31460849b3f9fca7117ad7d1dcb2e59d309857307a51dad24657a5c798afc241

SHA512
92f07d6a7b50f04900b7cc16ca97e7277bba3ba63c7f2e8fd79502d670189e9c6f23f61995a3ab8774cbe1819c34e03fe003d97ab71d6a70337b7eb07d3a4c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b168b064b4fd19febc3fe33b3c59685

SHA1
eeef8dd86f3d6b1b4f4021457967f8041260c975

SHA256
4d8a7da3b646e56073026df5ea26aeb6585369a9b8c67a68337ab49dde7a22dc

SHA512
7a8030655c9361d852b928405647c84c9679cb7336958efe0fca5933513f288725b7219dc7096da8e032aa55681c05d99e3fb795b90f7d3bc1e40463c4f1b49b

Download Submit