a37857db3908e080ddcd95887fb03c94c58fd1c0cf3127410f2b4e67c2f262d3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

243cb296bef54ffd5c55c48072910ea9_JaffaCakes118.html
Size

192KB
MD5

243cb296bef54ffd5c55c48072910ea9
SHA1

79d341e25c9cfbb9fd6d859ba7a236ce3a1e4d79
SHA256

a37857db3908e080ddcd95887fb03c94c58fd1c0cf3127410f2b4e67c2f262d3
SHA512

1780cd1c3e5c7bee0262f2c7816d899391b3467a986f6c934d17dc2a59c4805264e46b574c0af1a98cb2a5e4b297ca40dc6434ff66f343299afe215341e641ab
SSDEEP

3072:SoYOdcifLKzKL3yfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:SoYOd6OLCsMYod+X3oI+Yn86/U9jFiM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
3320	msedge.exe
3320	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 4084	3320	msedge.exe	85
PID 3320 wrote to memory of 4084	3320	msedge.exe	85
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 3128	3320	msedge.exe	86
PID 3320 wrote to memory of 2820	3320	msedge.exe	87
PID 3320 wrote to memory of 2820	3320	msedge.exe	87
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88
PID 3320 wrote to memory of 1672	3320	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\243cb296bef54ffd5c55c48072910ea9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbf4246f8,0x7ffdbf424708,0x7ffdbf424718
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17837806023854562187,16089662418085093700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84e7a44efd2136a840bd582bf58ec7b7

SHA1
e2f627260aa300fa7d0b1531117b4de0cb714ad8

SHA256
ead66cc9d8d21b04e1f7558fcc5972bf05f915de69ddbfb74ebc16da1ded350d

SHA512
70b4b70799ef3827c455035f37e9974e98aea1c5508341989453be69c02a126eccb52ed62dd4f3b84bcb39f7bf791a53560ac5aab343a36a5b19e8c1293d4735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d478303d9241f441f381ed07146efc8a

SHA1
3a80df4bd383817e347e21c2f0741b2abed73f51

SHA256
e5ad4d9fbff9a86b5ae30f511ae287755f97142c6fa01ede8c038c27e684d67c

SHA512
eec85dd8ac5fe368c41de9b0e6dbc207154f80a923182a60430fd653bd662864cb42700fd87795250ee3511790a33c71c141917227688015e7713948b319d964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8711beaddaaed9bd9ae9fceea0a434c0

SHA1
37809aaf5f6ed7c257c3e4f1acad8f740c20808f

SHA256
e56756d39cf074b575ca79bc6523731449fe8a3a2ab0896680833f751edd9c22

SHA512
83f502b3413977cba686048069b7c9bf01a6f9ba7402ffb0a1edc37d4d4182e11dc5729a74a5f6fa3df3a5d4c7f5eeb77fb14d94432a75810008e9ae698abfef

Download Submit