f22a8627d01eda5363501ee1ec1db6a40f531f626226fbd86a85c52f23ea99d6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3874dacdc88efad07bd9c727e7f9d30e_JaffaCakes118.html
Size

218KB
MD5

3874dacdc88efad07bd9c727e7f9d30e
SHA1

3bdb4588adc06865f3032fa9c689b84d47c9d304
SHA256

f22a8627d01eda5363501ee1ec1db6a40f531f626226fbd86a85c52f23ea99d6
SHA512

3a91eefc0c13bf0fd27c52d3d7cf7a7679474ca974816ac140ac0f1779e1388b9792275113c9dd24ad8f7a5781b4fe2b8f88d07cdfb560ddb3b4ff2317a26d3f
SSDEEP

3072:ZMwrkrk6QlPyfkMY+BES09JXAnyrZalI+YQ:WwmkNlasMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
3988	msedge.exe
3988	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 1392	3988	msedge.exe	82
PID 3988 wrote to memory of 1392	3988	msedge.exe	82
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 2396	3988	msedge.exe	83
PID 3988 wrote to memory of 4668	3988	msedge.exe	84
PID 3988 wrote to memory of 4668	3988	msedge.exe	84
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85
PID 3988 wrote to memory of 4064	3988	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3874dacdc88efad07bd9c727e7f9d30e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb649446f8,0x7ffb64944708,0x7ffb64944718
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1537979316525121561,1264596227393384318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ad14505902ee93c7126128eea3078f5

SHA1
7e4137eb96a50d3867d2e9b98a779aa923638261

SHA256
a992b6a7bfbf982554aec66abcac0c39c3053a4f31c3dc1491054a1d4e5e156c

SHA512
c6edf907f7246a0d02df48bddd0f0425d647cbaa95e7b8340cb413b8f2c83663a97c1fa22220a32058deca41fe3c1aaf3abda52afe6a59dd1afa02445f5e1006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a387d0aba0e2c2f76641a1717e55dcc

SHA1
d1ac168aa6afe1708765bdea6e7d7369daa9e18b

SHA256
9c6b358f19fa0178e896f1931b1bf939f307a1c1ea71a41daf70a71939b57840

SHA512
5ffc5e13f2f41b9532333755f184c9ee2d224250bedcf4e44056a2bd8bb9349221083057007d6b6a7896ba0ade8cf103a4d0c168b0a397c8106e660137f87318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61b07bcf04ec51563bf4776f4bbc41ff

SHA1
201b44ca4e8103aeba3579927ba1d86cf699f6d0

SHA256
27605477c71033a0e213b1c4a742c787ebf99f4ca843cb5514ce3a38821f4e4a

SHA512
a5f168d911953a93edf078fad8a6bd2af9d6c8963817dc48d8d4ca808329e771031b46b39eb970ec3fb55c99b5a9e29a934ab428395caed75501b7815a9fd3da

Download Submit