9a7f68476b5b136cc17827d4977d52eea02092f5a99741c050f4f279ec09e6c9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38edb501d841c88f607bd14099a9bedb_JaffaCakes118.html
Size

27KB
MD5

38edb501d841c88f607bd14099a9bedb
SHA1

15092c910ca44db298e8249ae6ca1d302b68dd67
SHA256

9a7f68476b5b136cc17827d4977d52eea02092f5a99741c050f4f279ec09e6c9
SHA512

59592aa295d9e0dd05eb478df859c5c9b8bcbaa25c7cda93e634ee98d67e56c57ea272ed73d7a577907203319702bf69e0ebcca50c34d043c057853765358fcb
SSDEEP

384:SIrHEG0cS2EBlDascKt747GOUcRv3aqtmL24o1gLCn6YI0Y5OzM5GlMl5j:S4HAcS3beRKt72LnmLe1IzYI8IkMl5j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
4468	msedge.exe
4468	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 3404	4468	msedge.exe	80
PID 4468 wrote to memory of 3404	4468	msedge.exe	80
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1588	4468	msedge.exe	81
PID 4468 wrote to memory of 1284	4468	msedge.exe	82
PID 4468 wrote to memory of 1284	4468	msedge.exe	82
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83
PID 4468 wrote to memory of 4780	4468	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38edb501d841c88f607bd14099a9bedb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,350537593903473571,4929239652425780434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ec990e52faaff3ace48090994803421

SHA1
9e73f2a0185f4e717d8e95066249fa65e0ac04fd

SHA256
00bfb2d032f8ee044609f9069abe7244662e67051c484725b6da4ae921e019f3

SHA512
ed6bc6012103974ffc037161b7aee1930fcee192fe3c6f7fbef494ef81b6fc9ff3b3fb62bfb06f36b5a96ff53b3ec7e4083758f58a6b84a8c3512b9814d245b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7e9a3f0f9f0df7a7aad8d33ad24fc9d

SHA1
feadb427d92a3ea05fc4da4b10c76dcc3673229b

SHA256
fff933acf49cf42a03efb1e2ad2a149dd8c69d38a676de0d8cdbe12dff5e9698

SHA512
f74a6caac871bf447128baa7191c987f890bdb207ca3829a9b94eb30ee4c556c6938df1c55c0059ec160985428cb4e35bebfd34d47b7ccb49acfa84b5bcebbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8a06045ed450d15592bc5266cc5dd48

SHA1
e85b9a2d141e9ffdb68d5c1b21a1f121e31c3253

SHA256
7ec909898c683997c9fbcdd89a4e6f5c6f0e17662e6ee8a0270e98cf54dc0970

SHA512
2aca3bbf99b9f3461894a96466463aa0587457ae2450df7965720a5aed46597eccba2629eb0163b785025ae0fc4c4a9b5e193ee35facb6374a685e754b058e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d44ae6b87ed884f600e3af09e1e5edb4

SHA1
a519991256f87a526656211eef21a7ca9e63d114

SHA256
538757c6318d5a0f1f2c97ce2a9248584e7895f92a8e97fa4d117b1aa96fe638

SHA512
3d99a8721096a2fb0d51087dcaf3974a48ba35e358a815390f5b5232e1bba25d68cbfa6ebeb92af735d89049de59c6c7b65ddd7dee8d79970ce06bf79f317e91

Download Submit