96c465638ae303ff4e1c31f8eb4fce6d130b5df948da1d052432f03f53140d03

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdcb86d2000fd0a6a072ee2a16991712_JaffaCakes118.html
Size

124KB
MD5

fdcb86d2000fd0a6a072ee2a16991712
SHA1

ff1cf3abd637e5aa54609a2843e71f597e35a06a
SHA256

96c465638ae303ff4e1c31f8eb4fce6d130b5df948da1d052432f03f53140d03
SHA512

14755e670c51989ee610b0e6716ed777f854476b02ff98ee44f60483892986e2f9cb711f5500ae755a0f59e25a930fa0bd870907658af7785a19b891a8970c93
SSDEEP

1536:SovHRAlpAV+EyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SLAVVyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
3624	msedge.exe
3624	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1516	3624	msedge.exe	83
PID 3624 wrote to memory of 1516	3624	msedge.exe	83
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 3056	3624	msedge.exe	84
PID 3624 wrote to memory of 4276	3624	msedge.exe	85
PID 3624 wrote to memory of 4276	3624	msedge.exe	85
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86
PID 3624 wrote to memory of 3300	3624	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fdcb86d2000fd0a6a072ee2a16991712_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ef946f8,0x7ff94ef94708,0x7ff94ef94718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5756951370766138480,17504536092473937193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd32364f6c3371f9619ebbc5a086cecd

SHA1
42c9ac632c6430aa3bb754fbf950bf92914f259f

SHA256
72f03ab3ac28f5356b733576252904af67f505d3cc7700f540deb8774880633a

SHA512
5ab9c58de2678d6827e8cc3096265bf8085bdef8fc8600b35982c038a125aa5cc5fbb3ba4bf80d6bc16eca856336bdd34e59b4cbe51e84792daf6554ab236ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16df545b33fe4b403f22cca3c8234b2d

SHA1
ad57cce6990a539a8caf0d47024880dfdd93faee

SHA256
fe7c6ab13d430497ffe5c92d0bf31e7cc35a2ef35a3d7b13079278a128a3149e

SHA512
4f8bfd7e19ce308db121b93fd4699c4835a751add01317683b30639c117bdab9cd04aad1e841c9bc593b214d7d899d4e52bf86802efaa616e67c9b6911fe75b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa0e9437ecb748c1b5690063f080fdb8

SHA1
ebcb01fc2fe233438638b9fbf639d787edabd2eb

SHA256
fe0e8389560dc1fccd83528fcbaede653002c370ff19b749c66ebebf64c27eb4

SHA512
2bc5ba45fcca89c376c3f90dcd1a0c1ef8c29948a09e9ff85ae390b22bdc386780b2a2cb16519547bd948cf8bb16efe7ebc7ff1159b3fa73eff79808506ec84c

Download Submit