b74597a77da7d6f0a993f9ff13467da3d70a1eeb6159d4f232c863db67dfaf8b

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b5054055744159aaa6521d7a2da13b4_JaffaCakes118.html
Size

40KB
MD5

3b5054055744159aaa6521d7a2da13b4
SHA1

f49433e51fe7df78a107f75c3a95586f07beac12
SHA256

b74597a77da7d6f0a993f9ff13467da3d70a1eeb6159d4f232c863db67dfaf8b
SHA512

775c40443d85525c8517d56b678b604f1c9a0d03ef6d742c113070ee8a951f68172b4a1bd79aef9559953d0415b55c416d8b76509426acefcba81910ee8c7c1e
SSDEEP

768:Q67oTPX+KUICwO9KCyDF1RuYFYCn7gdk+u:dEPX+9ICwxjYCku

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
4984	msedge.exe
4984	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 1760	4984	msedge.exe	82
PID 4984 wrote to memory of 1760	4984	msedge.exe	82
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 3000	4984	msedge.exe	83
PID 4984 wrote to memory of 724	4984	msedge.exe	84
PID 4984 wrote to memory of 724	4984	msedge.exe	84
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85
PID 4984 wrote to memory of 3748	4984	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b5054055744159aaa6521d7a2da13b4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff83e1046f8,0x7ff83e104708,0x7ff83e104718
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11655380137814675579,6211760646469868748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c3184e5deba9472cfcd6f243cac2b622

SHA1
25b6b5c0f6b7c8147557aa93fca43ecc26385580

SHA256
7891bfa173bae36e7510f233027fa0ab8dd2941b2ba35cd1c3be52ad95f36c21

SHA512
1cedb3858234ecf9300abb60501da0c748d9c27f6f61191c8b6d4e1f64ad377f9e6c648e4573dd42f6247d3ebfe25927f7e273f046b33c74e8795fa454589599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd62a3351d94df5f3275cd1c536dee1e

SHA1
14e1d380a08b972b1e6a973cb4cd9f6488ba1013

SHA256
57019b2c46b91cf493851d07a0851b531f15756abc6068de5e48ae8db7d7662b

SHA512
cd9b13df85ffb1bb80c2309fe4b68ca35f7a2bef3df9f6f887c491644e9b9650890005ca9542a5210e4fad09056c846424588a7411e06b52f14f5981725ca92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26bdebb212ee2b26c846e3d0852fe77e

SHA1
e7409ab9a5154a1abd4b9ac1476f29bca43f6790

SHA256
6c2af0f665dd48f035501d7f242426bb4060e77c6cc08be3fd8b5d4f000adee1

SHA512
852f6f69b576eb59a0b10ffb841329d5bbe708eb68d499f108a0393a395880999ea213691721028dd83b597ac405a42346993955c98a97fb2534954a360d53c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4212828b4c1f1119c3fe8850e82cb688

SHA1
e09ffb372c988ed0fa9a04825b19c503bb1778ee

SHA256
c258ef6acfdba23a402c53f040fd430ba73e785d6f52b7d0a53e94ab6e48aa44

SHA512
ab8d720c07a54307ba6ea56e8274f2217b4ea1be479a2f0d29212892922b1bc43cb364b9d6f6f3c0afb8bda5f252cddd46ac0b9b60b0f773e3751844b8dfb773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ff03c23ccc44ae5fc3b9ddec27c45ea

SHA1
f1a930adfb0ab2bd6f2881a80cf6ecba4e1877b9

SHA256
ef5a898e1dcae2c1a0d0b2cf72692d14dcafe7339abd6fffae611dc88a6ddac6

SHA512
51cd3ec84401a4dd6a5b02d3f6e493b469e1acb65f9a39a6e43a293f73174185e50907db504a082a9bf1ce9e1b62aad10a74dba1f22c1d86c0bddd5f8e5c0252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94cab74479f5d9669fe65529ef793a43

SHA1
f21e7fc513fff0ab0388da854ba1be176d072a28

SHA256
135b5bc8798ef933aaf2899d719f4ee5bf3a7b09b2a513b355c5badcf6c9bbeb

SHA512
e24d8dbba250d6b241caa5295aceadd2fb286a051ec943d69b488e4f0b783ecc5888dd71ce453c8c016664f60909329c61531dfa24f23f034274fcbe4fdc3ca0

Download Submit