01bf8aee654d91d90a80af75c9fb2a515972e918f4370f8af6c48c42c6e89e5e

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 05:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3882bbc0909b64be21bbf67a2d341b38_JaffaCakes118.html
Size

4KB
MD5

3882bbc0909b64be21bbf67a2d341b38
SHA1

c98ac86a59e74aa1c1b0915e07c63700f7b37537
SHA256

01bf8aee654d91d90a80af75c9fb2a515972e918f4370f8af6c48c42c6e89e5e
SHA512

c995d67abae9f5b5d8b4f5475d61ae526232b35a457f48035120ca7676c0865788b0434980767ab2c498294df8ee04d4d27e59e01ddc8b593ffc111b98399833
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oVoLqd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
588	msedge.exe
588	msedge.exe
4864	msedge.exe
4864	msedge.exe
4224	identity_helper.exe
4224	identity_helper.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 2672	4864	msedge.exe	81
PID 4864 wrote to memory of 2672	4864	msedge.exe	81
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 1724	4864	msedge.exe	82
PID 4864 wrote to memory of 588	4864	msedge.exe	83
PID 4864 wrote to memory of 588	4864	msedge.exe	83
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84
PID 4864 wrote to memory of 3220	4864	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3882bbc0909b64be21bbf67a2d341b38_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8a146f8,0x7ffbf8a14708,0x7ffbf8a14718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,18291660989280356819,8891499685902175075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
1736db3f3d97cd1a87beddef8a9ee001

SHA1
7ee0118e0988b07ec73e669e2b8d4e97a9a6e176

SHA256
8077e666c0eaaf90ff73498fda6cc6972043a38be0ee96ef84497dd954bbaca8

SHA512
b59fc5be0be307f13435c906c6f442935f0c99e0afd7415ab16c7aec8544872f4ff22b8ac0a1a8c3cd64b430f410d3aa2fdf5f3f9bda076b8b924c7684c71eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33c9da6a4eaddc615b5e5e2b8633cfd1

SHA1
608870b58c4ad0e5785ef2f10649d58afcde44c3

SHA256
e7e1053aa1ff83622b7bd153a127c4430efb0005841750b2eb5619e54ae8d430

SHA512
e9c8e614f5454f59caf0a68e97dedfeb8cc122d88c8dc7da288618cc90ddc0078e8610a6988cf7c8ae2a8209cdd15d6a6cf2d68413e2f3cb09cfa5e9f6aa4c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bc176ac75de7d92a9167485d7f01f2e

SHA1
884ac728d11887c6df99f19db6e9395539b909af

SHA256
d199e3ef9adad4d4748358d764b9e249844351d0a506bf73b47988cdcd825f7c

SHA512
234e3bfe1125ef41b2f1bb5f3dad837547ea6441f85bec33d7cad6ee3722ea871df7fc4510988323a75e6af4eda5611ebd0dbf1ccd6ebbfe1079f04a1c55d3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3b0c562dfd8aa73a85439038147a705

SHA1
60f5f4146cfe5d7e8a0c7dcbc1098d4a32a2b532

SHA256
4812f268e15866c7bc31b6a2754e433602ccbad4420b835441c3c4e5ed1a299f

SHA512
654c2ff98437747b8a9f5baa4dde35e2df4384da9466ec3b5dfb82ae1c97785818644dfa33d5c7744ec42b429fa39190fd2148d778665000e773540decdab8ef

Download Submit