d0bbbb7b4efcd16e00a4e7ca73a029761b156308e29adacc60865290968c0b97

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fceebb0a5e7c557099f9191531eb5806_JaffaCakes118.html
Size

41KB
MD5

fceebb0a5e7c557099f9191531eb5806
SHA1

503b72dc106b42a114a0fd6ed5c00c4943531242
SHA256

d0bbbb7b4efcd16e00a4e7ca73a029761b156308e29adacc60865290968c0b97
SHA512

62e59bed3d4bb798df172dddf1fac3507bd794d6e3c521065680288b12d84abb47c323a740a1d50665b86c9fa29dfc7fe12d3c4a21a7b712ca9728b4790063b8
SSDEEP

768:hDCyHHvPWdo4KqnuOSQnUDsEcwW9QXhSItNr7e9Iddls2SoaRTKz:hDfHH2dxfubTIwW9qjndlwY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
4584	msedge.exe
4584	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 488	4584	msedge.exe	82
PID 4584 wrote to memory of 488	4584	msedge.exe	82
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 184	4584	msedge.exe	83
PID 4584 wrote to memory of 3888	4584	msedge.exe	84
PID 4584 wrote to memory of 3888	4584	msedge.exe	84
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85
PID 4584 wrote to memory of 1576	4584	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fceebb0a5e7c557099f9191531eb5806_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b9739f5776a018d1dfea64dee3f4897

SHA1
3dcea83f53d046c24318fb0748f4d0652b213456

SHA256
a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0

SHA512
d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c40d5d7c5e0a85321aa5a230e68a231

SHA1
c4ac788ba4da6897adc3c9ef661ca6b469fc547e

SHA256
9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384

SHA512
bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
949B

MD5
dcef615345ba97b3cb0acfeacf99ba67

SHA1
3f0e3bf4cdbed2d1314e78ea5f0a41d43c0da3c5

SHA256
fdd521e75da83474e1bc74bc3d9fc5a29aaf9c7e74caf0d75b9c8765e84b3052

SHA512
4048d67bb038c14b71a03c5fdf09afbeca370f413b3a7ceac458a3861ad46dc9a0b11f633aa1d8eb509f2a07a45d8944934025dc9b88c0755835475dd7931495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15f3435a140da2b462d7329ac9d620e8

SHA1
7cecff100010adde785f3fbafe2ad09327353e08

SHA256
f34267fbf553f4ca3df8662711d71c0f54589fa18791ce1c1febc2cbd63a8c63

SHA512
6212486fb7b47ac16a447876e3009857c742a7c197e606c895d736cf18a923e567b0fb05433a2f1780c9e650896d6ff4552c64661da6ccc2d78e6451622801f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bdbe26d0c937121d900516b9d310eb9

SHA1
46e180aeb1bc24838bc95ef5e9cbc568116d2d7f

SHA256
f8714f97bc40b3bc959666cebbf834292b5a7bfd90e10166ec1880d3bbf5fbfc

SHA512
cbc35b37052d1068bc0cdb1cd3c01057da0873f25da78b54a611246caf07e6b708d4efaf39ade2816a7d7f43b2b2e4f9d5fc530aaa484a54e689945eead7edc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62fa438b48fdfb61c360e6d4fd356110

SHA1
6e54e946a5211afa1459715b9f37a18ea92cdd57

SHA256
fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798

SHA512
01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5aae03c3992691cf31da6bf6f11d1b5b

SHA1
e863492edc0bfc73176ba67427089419e0fc29d5

SHA256
90c07c81fb0cf4ae3fb3ee4d9c727451aed46e953d2104b5030e1bfa7304d26c

SHA512
6509d722f45d14dd5bc2b6419687666cac87e0d19bceefb1af88ce593154310a97ccbe741a3faa5df4556552cfe4541019c6f6eeeba6b6c36565d6e7a7aa5f0c

Download Submit