a8743ae8557172fbcddb92b2300dcf12a9f1f514c42f8289e72377e29bb1b9aa

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ae49b2ce15c91a8bfed72b18ada82c7_JaffaCakes118.html
Size

156KB
MD5

3ae49b2ce15c91a8bfed72b18ada82c7
SHA1

fabd865c3e2270fbf20b5fd919f5e7b662f9db7d
SHA256

a8743ae8557172fbcddb92b2300dcf12a9f1f514c42f8289e72377e29bb1b9aa
SHA512

99f5a95043c221a4fe175e287e02d11641df8b7138746e2f3d0261799ca168ffff63c226bf3de037e7edc71d7c3b2faf9be8c1d0024fadf277d1d64df2797e5c
SSDEEP

3072:BFISF3V2UP13G4k5QhLpOatVCdtVC/fNbYaaLStRNcxWUu/v66sbsGon4G59t9Vg:3953G4k5QhL8atVdfNbYaaLStRqxWUuW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
856	msedge.exe
856	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 4328	856	msedge.exe	82
PID 856 wrote to memory of 4328	856	msedge.exe	82
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 2356	856	msedge.exe	83
PID 856 wrote to memory of 4988	856	msedge.exe	84
PID 856 wrote to memory of 4988	856	msedge.exe	84
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85
PID 856 wrote to memory of 4772	856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ae49b2ce15c91a8bfed72b18ada82c7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe410b46f8,0x7ffe410b4708,0x7ffe410b4718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9988212779284679030,16590286180931023297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c8a63db36383b2ada01f513259521eb8

SHA1
137b360e3008afd503e8904eca2f64d7658e072c

SHA256
8e96b8d1dbe4f5a545aa475a2e76132b7c50534915dc936d8330cdf363d9864b

SHA512
27c9fe2d7adb424069b869aab83001157194fff73c8fc6e67d902a0248ac1f70bbc0011df4f2b6b65a506cc6f01c73bb519d1f0fd7e1ee411362c9b43dc7c615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ef05d427536af68630820822a6938ba8

SHA1
b33d100a468686e365bd92961fd162eb718cb5cd

SHA256
11fb7ef48193afe9483ed2f3f18a063a401433043c1fe2320640d982f610e66d

SHA512
7f9473b64985185eed0005a33d2ef73575426dc821997741c94c1f5cc2a884ea3f653d5a886e62bd06640bda20ed209af02213a7abc69d0bd456a41ab96e2d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
16523a39feb81a202714185545242dd0

SHA1
6910e5b653ec65cd2229b71eee1d63bb57d38397

SHA256
b5e0d439ddeec1a050789465c971d9083e303a9fd784cc86a5cabc7397a2485e

SHA512
322ac87c5c5927eccb93e6894e2997ccffc1d0ecf6442768ad99d1502b86abc55664ff515cbbf799572ba002aae041eb67510263e19f169ff535a70de30c7373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29c9d4c60f5d166e271c92904dc152b2

SHA1
bf37e5631ccac986cf04d30966c0565660ccb26d

SHA256
3a5545fa2ac2faa72f5b5cfdadb9f994b23d9383629bb7cb48fea5c86b9afcfd

SHA512
c439f70a15d2cec5a3febb353812dbb527db58d0d872525a2092cb7c4c1cc03142bc5f4ed9e79757f6877ba0a8a566f33b15e701644b39299900191d58ef99b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b973419cd9527e131b1efd63f982473

SHA1
f3059e1f133d892dece77a57058281f6c3e96a9a

SHA256
28662856642036639f3def64cb664fbebf9dcee51fd587fea6a2de16d770833a

SHA512
aea5fa9e0c9b115f12424ac47a2965ac20f349cd02a6ed5d794df0d7c30129b64b6e2955b0ff934dd312e60e1a030c65744fa9cd0ee23e36fd59ff75ea332f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9309275fdbc1d2060e66485dbee933fc

SHA1
56f503301fb682931fbd66502f2f791e455f8677

SHA256
5bbf3c961ffd4124449602d5bc707845e07e81851c6a191f7acb1e2aa121344d

SHA512
d87f4b70765156ecc706ee55852b3c70db9c063f934373ecedd629a7f1725674addd2fc4415f19d9464655024402b821b53b86c8da734b686a7535e8cc04f937

Download Submit