ea1c0b9d88af4b4ef2e9bc85f9cf3007940deb4c965aa556018731b2e01b3ff0

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aa8759034a0ff6c9ed74ebcf5ffd03f_JaffaCakes118.html
Size

230KB
MD5

3aa8759034a0ff6c9ed74ebcf5ffd03f
SHA1

f6b9deaaa43980376f44c6217d5fa732a08a0a97
SHA256

ea1c0b9d88af4b4ef2e9bc85f9cf3007940deb4c965aa556018731b2e01b3ff0
SHA512

c24a14b47027f2e39bcc2a84753d875a9918f05f88ee4cb20e10a47201ae1bc567f916f6493d950762e8016f0c9809f4ccb2a321b4e8aa57facde2c4f5b6bfcd
SSDEEP

3072:qrUEvNz//geesR+gzet5oPmhymhEumh+NFZhGayu8:MUEvNShBh8hF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
4840	msedge.exe
4840	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1504	4840	msedge.exe	82
PID 4840 wrote to memory of 1504	4840	msedge.exe	82
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3948	4840	msedge.exe	83
PID 4840 wrote to memory of 3988	4840	msedge.exe	84
PID 4840 wrote to memory of 3988	4840	msedge.exe	84
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85
PID 4840 wrote to memory of 2936	4840	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3aa8759034a0ff6c9ed74ebcf5ffd03f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,298529316734886536,8171264325616142098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cf71d51d1f2b98d60dfe9d918b668230

SHA1
69dc96ebb06406398507c252b701d19e9e64f31b

SHA256
27f33eceabf43ed58ab9b9ff9beb7a3f758febb55b69c7fe2ac5b50e10876cf8

SHA512
30c4442223ad5128a4dacd6f34047dd5c43bebc7fa458a935ffff41c5465b3a8ee5b94f314bea95e84352cf8192e3d837fe5b1fd25bce52659ce3cb1a6d3feb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3746ac2ce715acfc3beb8b211930edd4

SHA1
8ab09974d937a9fa43723c3c8dfceb24a369ef64

SHA256
5bf6d9e407ba34a6c58f928a71a9422777d7ab7cfb6b9abd4153f1601da7b7e4

SHA512
599a954236f594800992441afbf11e5745be1f2e37735fd7418633cba4a670e3128f5259f5193b775c9aa589f79805a10157921d0f030f50233a6b8a81b398fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a11592453ed41d6b4fa3f85b2166618d

SHA1
da6c938021e40a1c17b184eac730e64be3dc33e6

SHA256
25646cfa6b08d3c6bd5128341fff76651ee2af50c41c9fdb9e76b783587f64bb

SHA512
a1e571448247eb2dc2addf9456e1dfa87c34881c6de59bfce6298be9dd178b1affcd4b9aaff2dc6fcdb83cca785db40d72ebb21c885ff793f6fb55d43b15cce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df71b86c76811dbfa7a850c4d9611b3a

SHA1
9ff1a395e968d00606f4b39daa8fd082021606e7

SHA256
52e2d25d8381acf45e340081cc9be61a2d692ee275c240669ef5842584ab9924

SHA512
4286e65857c200435a4f58149f705124acf1a94ed9dc00f2d45c28835a5759e5fc377a7a32a0eebfcb146e1eb47f79754631a11a28049c314f95e088a60192ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f3c8e8e8bd3f1b2393bc6ac27967149

SHA1
3f869a173c3497e22b874d214c622a62a0bf28d7

SHA256
ff1e4f376871c1b26b4dcc2c74c1ea7edb45c67a4b3818ecaac8d0a48df9e9e3

SHA512
d2d37a01ae11af4c9064e75c61c694e48705a9f44825611af1f371950d42534cdbac8e25baf364990d7595d10d1da59a55137c2a0380f35b92e9e8b539ed9da0

Download Submit