3fcb7cabaad89b49b7f9d3ca0fffd8f935fa99ab08a89334f53884cea40dcd55

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29babdd91db15f28d2e692af9e9fc6cd_JaffaCakes118.html
Size

213KB
MD5

29babdd91db15f28d2e692af9e9fc6cd
SHA1

31fd0070fc8cb02da3d7da7d9d716f789dc9180a
SHA256

3fcb7cabaad89b49b7f9d3ca0fffd8f935fa99ab08a89334f53884cea40dcd55
SHA512

67a1e407e3aabdcde13ca9431126c90c73709549058ff1cae8a96dba5cd5362b65f3f1368c097ef0427e55a5924bf22429287f11a6940601528b6085baef3daa
SSDEEP

3072:Sl9QmI0IQtjyfkMY+BES09JXAnyrZalI+YQ:Sly0GsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
2596	msedge.exe
2596	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 4764	2596	msedge.exe	80
PID 2596 wrote to memory of 4764	2596	msedge.exe	80
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 3124	2596	msedge.exe	81
PID 2596 wrote to memory of 4192	2596	msedge.exe	82
PID 2596 wrote to memory of 4192	2596	msedge.exe	82
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83
PID 2596 wrote to memory of 4092	2596	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\29babdd91db15f28d2e692af9e9fc6cd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6726456842576883491,488492270182164835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2339c4c5601ac74c36f369c6f21d02c

SHA1
c42d9436fd5a51f0f5bc8884784ef2f1aad8885c

SHA256
5428fd7b3cd8fce2146b1f85ff972eb46e9a2d7eb30256af7cdd60a72b6b813a

SHA512
9e475b8dba3c71d150c262a5fefc7c951ef32a890a55dc624aff46136ef116af47499a1fa8be1bdeeb786dda53cf8d9a7279c0f0c5dbb6282535e5bba2baefeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efa59c8f41199c297e7b513470cc2615

SHA1
00224f2bc16222d23f425b30d83136c341e7513f

SHA256
621ba19edce2f088408d3944dc87d5de360c9637f28fd99d78e519584908393a

SHA512
8a6091cdf5b1a45a8a1fc79307e5838463a51a67e63ee05fa25e5035bf79a0c658306b825807cf2a9bba80194c2b106cb923cee3ba15b433308b89657b116f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
731876ce2dd0188fd5e6716e2cdc92c9

SHA1
8ab7f1fdefc33eb98c601d4372896bc3ddec9222

SHA256
3609580d50ba30b2390a0b7581adba2ef89ee402d692f2b1df2fe53f5dec29fc

SHA512
55e35ba27c2e6cd4d418afd6ff8b922185fd759f9cf13a75386e08d66477bdda7018e9dd546d5f915c050dbcfc7430098d063f115a7c5791c8ab88877b8c460f

Download Submit