374e0f7a4ad92f42f8c2f381fdc4acfc2500578a03fc87680118ac5dee603e69

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32cc828f7b15cc84ef4aaaf35b2e28cf_JaffaCakes118.html
Size

79KB
MD5

32cc828f7b15cc84ef4aaaf35b2e28cf
SHA1

6fe09ce35bb3b9676b1313684d07edbc7eda2895
SHA256

374e0f7a4ad92f42f8c2f381fdc4acfc2500578a03fc87680118ac5dee603e69
SHA512

3a8dd305d610f94795c93ed4a67d7ab81688954ac7fce95ae829c58fa2dba1df56a2365c39e016cda4a6cd2bcbdca14d4394beef58829545834c1386af354c59
SSDEEP

768:BwgONg7UgggggggggggggggggggggggggggggggggggggggggggggggggggggggF:Bb4g7p

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
3044	msedge.exe
3044	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2752	3044	msedge.exe	83
PID 3044 wrote to memory of 2752	3044	msedge.exe	83
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 2100	3044	msedge.exe	84
PID 3044 wrote to memory of 4084	3044	msedge.exe	85
PID 3044 wrote to memory of 4084	3044	msedge.exe	85
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86
PID 3044 wrote to memory of 4068	3044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\32cc828f7b15cc84ef4aaaf35b2e28cf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaeba946f8,0x7ffaeba94708,0x7ffaeba94718
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11082894162878642482,16968456117111373921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9b97e3992046ad906e96833fee606a4

SHA1
0be7cc1a88d4aa9b62f7f4d2c2458340c65f4893

SHA256
f0766b321f84557582333c3ceb28ad178f37d2f6fa39c6d27ff03ac5196b5af7

SHA512
729a8bbcde3e4bcad7d1d7cce69b4a4b4abc08784a7c39475047386a80752efe0ee7fdd8b951fa47af60cf7a946d8c7905e553f9e44162515f7791a9c3bd8f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa234d1536ccdd64bb786f6d3651b8b8

SHA1
91b21489db7863ba910a2baba3627eb5baa405a7

SHA256
4dda792aa20104513813d7ad3a61b0c2de08839c60993ccc355aa6625682beab

SHA512
95f9ff65e977290eb496010ec5b388de3c8d39f4617ca1b894e6229304db3ef6c681822677414a5664f4adf6d157f3de5c4c8b4f4af1e4fd76a238768f2a9cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0e39bc5c67ff2d1fefe76da4c24296b

SHA1
0fb3c165652fd2ee0406006a6caff66c5b2475d9

SHA256
40f52174688213c066ebef6c067f4d161fd1f69fd684a2049dd16cec64dea942

SHA512
1ad8faf97442bd7ac7ff8b0a81f84b0ed8ac936b4905bc9bd28d3521b54171631753fd3784dbec2ed200d5bc519dc98c64531d45464d153ea5ac9ed3bf6e1f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbbf7416f94cafa5a96cfbfea4e8643e

SHA1
43c5f4330e56618497329bc3398e32ff9629178c

SHA256
e46341696bdee14b3f45f5fe436347ea10a8e9338f800b6eeb49ccf2540ef2a8

SHA512
9a2dc6d1e0ae756334b396d0b071e12ed9fca8e57146d8578f1b01bfb0ca7efc04927e1790683e0a64a577f6af6b15dc0ddf8f3e5aa1b6f04ef150d0993a573a

Download Submit