a1985d2b20015a53eae35b2a8bd227c1ec1a40801d05f35ee64b2fc47c3ec0ea

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a7d3b50fdcb47d672d1e6c738043e27_JaffaCakes118.html
Size

70KB
MD5

3a7d3b50fdcb47d672d1e6c738043e27
SHA1

b90dcc22f54f754fb0bc688b236033b278ccfdba
SHA256

a1985d2b20015a53eae35b2a8bd227c1ec1a40801d05f35ee64b2fc47c3ec0ea
SHA512

b359416a65a3ea9a525ad7b84ec69a6ffdc22b7a3580e7d2a07a150fa06940aabe273cd8fbd1e8a1daa6038fce8a8de80000395f4a7443062445611220d48f12
SSDEEP

1536:tBx6xXx5NPMr6bhUSjaopDc5h1NphGnfhhBQtpB3HhJVthvcChCBVhWJ9ahZDI1z:to66bhGH94I1dkoM6bAzG5Z+C0CJ7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
1508	msedge.exe
1508	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 5024	1508	msedge.exe	80
PID 1508 wrote to memory of 5024	1508	msedge.exe	80
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4120	1508	msedge.exe	81
PID 1508 wrote to memory of 4932	1508	msedge.exe	82
PID 1508 wrote to memory of 4932	1508	msedge.exe	82
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83
PID 1508 wrote to memory of 2560	1508	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a7d3b50fdcb47d672d1e6c738043e27_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14146162308498544315,3511116693645169802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\550ee27c-a2b1-4c90-9086-cd80b6a79d47.tmp

Filesize
6KB

MD5
e86b33963a3d8c81ba6a0cbe321ea877

SHA1
25500dfabf410788b897cb813415994f1cbac872

SHA256
7084441932ef1a31133f3c5b17e77d5dbd0d243f4eeb47cbf67be7a9b9627b78

SHA512
153f0254b30e01d2bd92bf3ebfde8009c1f189a3d7f361def7872debaae890599ae8aff5da02673ebc2f33e18033d72eaf6a8dfd7955cfdea35c64968a49541a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59ecac56f7883447ded60fe8ce51ea53

SHA1
b0ed02450a8085295c8bca256fa003aba4075194

SHA256
084325fbb8926f7f22d6ae2e41f86dfb89cc805533dd2f693f63c01a815aa84f

SHA512
16670a888f71586d4d30e44cb3ebed5d691eb71ea71d639abce5f3f14240bd2f02a0e2c4e8a826afc1be8e2bcf39198aaecb100b48b77bd08060c9f9bbaae128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3ba2b78ac1da35461962523ba6a3417

SHA1
419fdf92d97f060d57d71007c0b1c54b296a7be2

SHA256
01f9aff74790357530a73d70725d4736ccea242fa3d24902a555cfe59d793086

SHA512
ba70f0cfed57a6e2a8915e148c41aa0c837bd1b03b608361c001c41c64a5543a45a5d65feaeaf2cbeddc38d74f5672c7ffeea24172a14ea7116befaa79e9f30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9d256eef8c14c4191760e55adfeccfe

SHA1
648daa0b338ef60b11a441d962ef829684086c4c

SHA256
b39cc6302d21abb2d0a03bed59e2f00516d21543c1d169cf99ba97ac8828f818

SHA512
348f05a9dcaecf8f2c07fa5493f65ebfddf5b2f8a38df6be6452740055301b764b7410ced8435fe3218900ea59af96f59dce362df27fd445b58e73b7452b6723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6567d1b1da4e07548b79a54fcf0dcf43

SHA1
29d199df0e43cd75eab1ccfa802ff6d3b937cf9c

SHA256
b00369219f2c8b826da9ba67b38a3dc2186ef49308b86bcdfa906e1980093bbd

SHA512
3b22e8822bd9f192ce73e6b48d42c50630fb0480edee03aa38b60ee80c7dca9064a114ac7fd6be915f18c0f91a7579e50bc04eb49388303e5c4da975d071ee4d

Download Submit