d3c301422420d019a6fd9fce94d58f9a8671d8b69c486598d96fa26d9560097b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 00:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

373e3889762ff0f6fe730b481dbaec75_JaffaCakes118.html
Size

19KB
MD5

373e3889762ff0f6fe730b481dbaec75
SHA1

f294d59682fef5058cdefcbc7c2806e419688523
SHA256

d3c301422420d019a6fd9fce94d58f9a8671d8b69c486598d96fa26d9560097b
SHA512

ce9d7f62d4d91c27edaf335b864bbfaaf6058c60a7b7a35b0b3be1f621cad7b7afc3904187ca65cede3145e26d0372de1311c2ca6296fa04c100269e2cb1244f
SSDEEP

192:9K/ypUhTXiq8LTgE9d36ucM6cjQrluhdiMlUx9V6cxjb79DX+OunAiFYiSg:4/yoTXixLXfkeQrAyp55OOunAiqin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
1216	msedge.exe
1216	msedge.exe
548	identity_helper.exe
548	identity_helper.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 4888	1216	msedge.exe	81
PID 1216 wrote to memory of 4888	1216	msedge.exe	81
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 2608	1216	msedge.exe	82
PID 1216 wrote to memory of 3668	1216	msedge.exe	83
PID 1216 wrote to memory of 3668	1216	msedge.exe	83
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84
PID 1216 wrote to memory of 3672	1216	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\373e3889762ff0f6fe730b481dbaec75_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc66746f8,0x7fffc6674708,0x7fffc6674718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16976956454619617564,4484883960096038857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c907c80d162968e462618687783c2fc4

SHA1
7eb61a44957ffc9210e0e655a2991a6aa8a89725

SHA256
b4c50708a7fc4c0f53ba6f366ed1ca500c78cf16e608cc1f1c2e6548b39d09ef

SHA512
dc47e45b6c55419c11afee5011805d580b4d5dbb719854f540c6bb4f19c0ee0c2e261771ecb7fe099f537722bdba3d907b5058a3025af07f87519d314593818e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
459e115afeaf6ed1b5b75832d009fed7

SHA1
25e4c6c739f4c395d58a1b4f778015cd7b665b0d

SHA256
7fce1a5c3a0141cc396691dfc994ca3262eabada6823b83474d8fb86252b3dd2

SHA512
ff7fe580b85ea7973694f6ac23416fb49970711fdfc9cc179a9167d0d163948cd7c83f05382f52f1d892a3bbac4ba97d8327806d73a38a6324034e9d47fda82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb5d8c62e2c045c20974a00f5d741cbc

SHA1
e86e10a78b62272f79c44f87b04f30491223e857

SHA256
273f7a891ad1648af572197e39ffa00c1369a597155c6b3f3f95d26f5b85d709

SHA512
f7ef492d4ce13f970daf6de207fd39df65f5567b017a4278f2b1b726ff82cb06fedfca391df104db9a69e7f0de020ee06ed248242db6b185f40deee4ae68d317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1df71ce05f15c7e9eb5a74542bc1572

SHA1
7936cb60d62a5734707a00cd24b64c79c9076b02

SHA256
d85cd68cc306bb7f86c02eaaa890ade7c0e5142fdb319d908064b27d32a29c63

SHA512
93f6259baeb3e2bd4331cf7727722855a2cc452f67b28b4ad3f637100b62590b2f44b80b01119585f411b42a63529bdd1bf21e872c7acac36d0bc133a39ebc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c50eca835cfc80c1097c355af8bacf03

SHA1
230a04a50746b459f15fa30bb0825b05570dd0f0

SHA256
fca2a7ae7d1b6228139f48a9d669f9f31b4063bde0c3da6e47aa0fac22dcdd0f

SHA512
ab700bc2b885370876e3d98873882b8eadb56d70917f517a53e8e5b6ba5ba62fa199020c091e8bbc82dfecff80c3b723601e5446a374f97339ab648ab6627c8a

Download Submit