03df25a3bb81d3946d4b706f84021165478837126786196015388d14eab33b62

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3166c87862d2b30695fc0bfe7e56c941_JaffaCakes118.html
Size

133KB
MD5

3166c87862d2b30695fc0bfe7e56c941
SHA1

db2493bf71f1b44c41167ac773be8e3d8e27703b
SHA256

03df25a3bb81d3946d4b706f84021165478837126786196015388d14eab33b62
SHA512

2422fa5fb7e84b08a1c59a1e837a7adfd5362d57285640707ce13b72dab0110f9a60e2455b4db99634e2ae36aa16fdcb0ef224aeabd2c775711be1632f632769
SSDEEP

3072:kHVpRBLVqwND4yVDMQBddTPAqxcDVNLEgQv4Hhwfl:kHVMymqxcDV0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
2288	msedge.exe
2288	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 5068	2288	msedge.exe	82
PID 2288 wrote to memory of 5068	2288	msedge.exe	82
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 216	2288	msedge.exe	84
PID 2288 wrote to memory of 1272	2288	msedge.exe	85
PID 2288 wrote to memory of 1272	2288	msedge.exe	85
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86
PID 2288 wrote to memory of 932	2288	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3166c87862d2b30695fc0bfe7e56c941_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,9155616931241156358,12489632827480364914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
beabe277bb6536acb2ee3a94cddf2d7f

SHA1
200d3b2fa2141990628b2b195b567664f02891a5

SHA256
1540832e56d6d13c56de960ee1ffecc33d79ae97399d9d991aa5a1860a3849ff

SHA512
be99375800f2571ce34cc0d12eb9d4010bc4c54d7e48947a547e82b9892741f2d8b0ed73d26454358b9a08a8fa4aa942d39161428d1dc8642c9d8a6e78ea0ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a2de9cd71380e4f4645d06573c4f0e4

SHA1
ba3e3ec8dcd0f1da11639c5ad7e62d0c6d29bf1d

SHA256
50627ccd01f75737b1e95174704e402942999f50fc77db712715da737111e106

SHA512
e1e88e6cedcc663007110b221ba874c769110b9773b8e978306a86ca46849633822041dd316e6c747d2601cd738c917ca546c377a83e34cea6b3c083676178e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09ac8408fb973c6703d4cdac220cd7e7

SHA1
6f7a1baeea4a47295aff4d35cf95accfda92768d

SHA256
8e266a66d547359b1d9b1ada2ff20bb06a477b837b17c0fd1ca74d1dcd1276de

SHA512
367c35b8a45f10090012750a12785fc4ef6add86ac0ddd9d9795d7b7fa26c5cd9eb44bb8ac6e941ed53d32593f6d777b044d90b3cca86c1789202f5abf6f74f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abccfd6e47f489666c9302c0d4fdeb17

SHA1
2a4f3475667c5da01fad45ec1fd920911c5f76d9

SHA256
2bb081de8c96e8ed7282465ee447f5cef7f77a3d479574b93ab677889f914398

SHA512
d9e0e7ad4546d54307f1b636b6818cc77410c95bd7797218bb27ca4ddbe8b3116f1d2832845c82bcc6a7b679d9447944f3c094eb96c3b1be0689ff7e8709c535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a8990e3522681dce923a8e24dc4bb8f

SHA1
0b29af675ff3edfb459ca7f72fa9d7785d4813c1

SHA256
3822d86d21d581c434e1e7ed52a6d8c5003cc7b8df21a1be32caa320619a2572

SHA512
58953d7b086563947ad49c8b506e447f69ff7874340c818f19861adaec8118128b3bec4d1b86fb0dc4e720ec0c95ad42cfec8fe6041acd66da22f2d10fe715c9

Download Submit