b564d32d49c2bb555bc290cd7b661884ce46ecbac1f1169c14cde7d1cbe37053

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e52313c9c42f8073cdb6d8146b4dbadb_JaffaCakes118.html
Size

100KB
MD5

e52313c9c42f8073cdb6d8146b4dbadb
SHA1

16ea9200209fc6290d755ba7e26becb73aa7a5b2
SHA256

b564d32d49c2bb555bc290cd7b661884ce46ecbac1f1169c14cde7d1cbe37053
SHA512

87dadc1cfc4f45c269d92769d6a052ad97f47400639c41669f9decfbdad1e52dd669e4a0e49742251f1de3cf8aafde8cede2423ff6231479ecbbe007e7e9be12
SSDEEP

3072:QCA/43x06+fHasslRNodEhPp88sMrXV/qgGcUbZ2nh:QCAKH+isslR+5u0Zq

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
3712	msedge.exe
3712	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 1040	3712	msedge.exe	82
PID 3712 wrote to memory of 1040	3712	msedge.exe	82
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 3004	3712	msedge.exe	83
PID 3712 wrote to memory of 4016	3712	msedge.exe	84
PID 3712 wrote to memory of 4016	3712	msedge.exe	84
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85
PID 3712 wrote to memory of 4576	3712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e52313c9c42f8073cdb6d8146b4dbadb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff994ef46f8,0x7ff994ef4708,0x7ff994ef4718
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4688778214284244867,18158945678270012482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e90689a8d9255dcb7115604a90638806

SHA1
e9078e52fceec912b142650c16c28fb46bd727b6

SHA256
dcc1b788b50ffe9b854b9427809bbd45a1d1816a87d1f95b482aeca28324e48b

SHA512
13826f7b24d9fc127c5c4cf853bd4693852275346aa2dd81c2e4d2c83efd91d031c4b9dcc19455a43e2375f12cee8fa42b42cf740959dd94c2245b2637ff1cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8121c31abee5a5b252c4beb044e6287a

SHA1
d144ba0ce06e044f2323ef8c325a1d499320ee7e

SHA256
8a0f7a21c3926e6c9a2409aa887200564f5e605ddf1674a49685a1ea6dcc2c5b

SHA512
c1f3099782fb2b434088f4a4f857acddef97220425c8d9b3f301ad57876fb1c9d0900b596129061d4d417dc589b26a6921c29edcf3a02be89bd432ca3aab92e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30c40ca87a7e606209b32ec391178fef

SHA1
0b28f1da7da237b6412a8a4b992f659348ab4571

SHA256
5b07fa7727b7af010656edfed121be9821d652d790c801f832cd81166a0aaa75

SHA512
fc8ad6d63b5403d32e088c0b91dba79606634de50a1bb0d546a686586512c36b351cfab7c6cf661f9a8f8174eab2812ac5877754e82216bd834b622fa84cc8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b13073c5ad8b418c1a4ce49e3abea92

SHA1
642873357c5c57db4cd4b52762723d7fc88bba99

SHA256
9a7a16a991eb2da89c5203ce9acc7c642b9ed7436eb19ac12c20df35d17656e2

SHA512
d3888c8c576bae66e5ef6e40f80926a31a6457243cba20dd3918244ca1782aa2bcda0342c0f39ec0895f75c76720d08cbf8772f7357e06520edae66a21f00613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7539c2db827d11db1be6ee8df5eca3f5

SHA1
4ba26eb98383becddc9c590934aeb1e399a096d5

SHA256
41f253ad356b781904ad0c9b2e9d7f137ade315369be25f6493759180ba3c53f

SHA512
4a2141e3b6d3ca310fc38978282c6ca15acfece906c37ae169337e4eedb82ed8e33e50f6e2681e4c5b46e6c210f5d2f98d7f2ff46ec6e89c42001303ad70b78d

Download Submit