f9e809d7e46f4bb74da5c66cea6d7f2727e8bc742152486e74f1160a5ece139c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38e97238eaabd1f77b4f33e70d689005_JaffaCakes118.html
Size

139KB
MD5

38e97238eaabd1f77b4f33e70d689005
SHA1

f61f197d1b746591f8e4a83f7e9ea980eeac6528
SHA256

f9e809d7e46f4bb74da5c66cea6d7f2727e8bc742152486e74f1160a5ece139c
SHA512

a5f28baee041cc49bce967ff25b7e6c401aae381368ac13fd4ec270fd1b2df1b4f4a10fbddd03c84c0a39cc85beb2cb5ee096eb700948667e2f5bb309ba8d55d
SSDEEP

1536:SRh9joTflrxVyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SRLsxxVyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
1580	msedge.exe
1580	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 3424	1580	msedge.exe	83
PID 1580 wrote to memory of 3424	1580	msedge.exe	83
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 1232	1580	msedge.exe	84
PID 1580 wrote to memory of 3348	1580	msedge.exe	85
PID 1580 wrote to memory of 3348	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86
PID 1580 wrote to memory of 4100	1580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38e97238eaabd1f77b4f33e70d689005_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44046f8,0x7ff8f4404708,0x7ff8f4404718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,8676818945580692211,11821353973824301802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e37b6838847cf1095b4ef565113ccf0d

SHA1
da554b6b397331cd58855939e242d8fcc4c41b29

SHA256
7a396886bd0be20610ee71754f8cfed82e02b6af38e6e8060e153c322b92ea75

SHA512
5a8e23bb46723ee130864e7bfbff51b5414679254516abe391d08292dbdaa72b035f6e04e058cb7acf1da13826d2976f6f3cbd0c85394aec2c6f21b7005270e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c3be9d4f9dc891d9f5581d8744410bf

SHA1
35d2fe1e1b5e3cc4241db0f5aea99602a5206688

SHA256
996cb4bbd80d705bcc0e4ee7f114a29db4409ac22b122be798cfaf1ce4fcde40

SHA512
2ea44e8419b00c68162bdc81ef36ca5c123277235ece4c88a012f700223dba1f43c0ec2bae6cb22936c299854dd0c0ba7f207ea3e58e7440ee4dcd565def4ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f85c60abcd63fbedfbf83f23976a1d0

SHA1
61c9d3f7e48786888276bed8a6aedbff488b9f82

SHA256
93b6af1b0c8c40df77e767de9b7097a38a81d964d69add146df7f909207b3573

SHA512
6d923378cb645ecc4c5f1225e2e6e75ca819c4c6779a4900d175e33f61347843c552632fbc050a4f5f79616457cb443b2b7211a5d29625cd9e9b099606c16ea1

Download Submit