7f7f0933a8b6a86ba3b3cfef23c67b111a437726a5ec6eb9327cbe003475c28b

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b7869b73d00e01caf424753a86d8b68_JaffaCakes118.html
Size

151KB
MD5

3b7869b73d00e01caf424753a86d8b68
SHA1

099992628255f6b1afca93ecbda6baef395f88c7
SHA256

7f7f0933a8b6a86ba3b3cfef23c67b111a437726a5ec6eb9327cbe003475c28b
SHA512

e47d7fd3def5dd53a8b63b64e5f1016bf9a7d4cb223112c484c8585553c0e474c358268b400356a87d5b0c79625bca3b1ba4c624423e05c7994cb270bfcc0266
SSDEEP

3072:tPAjGEq+19yfkMY+BES09JXAnyrZalI+YQ:qjvqIIsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1836	msedge.exe
1836	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 4788	1836	msedge.exe	82
PID 1836 wrote to memory of 4788	1836	msedge.exe	82
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 552	1836	msedge.exe	83
PID 1836 wrote to memory of 1112	1836	msedge.exe	84
PID 1836 wrote to memory of 1112	1836	msedge.exe	84
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85
PID 1836 wrote to memory of 2748	1836	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b7869b73d00e01caf424753a86d8b68_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa72446f8,0x7fffa7244708,0x7fffa7244718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2804124419742729309,8207710793349678627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
a28fc8c7b408c9fec7eb29ba72319a1a

SHA1
2b1815d04fb077e076a7c078db984304b82cf50e

SHA256
1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65

SHA512
6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2b4021da28d8b8eca0d74b8075490d7

SHA1
5c94ea9d35d768f33aa06864492f2d0050e5913f

SHA256
3069d4e43f442dd66e5424f47bc28171d5f89c22bc8d1e16dcc69400550f0a68

SHA512
a1ba8259b29049a6c5016cf4d74b17fad516524b7bad234d0ba113fe1e2230af0efc9cf35288380854374816c32e25f622ddd9eef5564b26fbb0a53f3af078e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6009300e8f0991c4bbf6c13c5c7d8d86

SHA1
6293c9c5f42d76f15ec61ebe41440e63afdc45d6

SHA256
e5bafc5c82ac476c19e7cb201d3c1961ae5cbd6de22ad5d43d852b1dca12ba3e

SHA512
968cb4b3600d0e4e0d8a285880a02f97586fdc14b10fcf02116b1f769ea75b3fdce23cb681b4e337ab272d5c2f0784e96f650b407d0da28bdd0f73fc49c1486d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ae358693644cfb08609dfdc485526a9

SHA1
da63f9c71983e695089bfaa2ca999db291b0634d

SHA256
852795c6c089ffa25ea654c8289ebe5250149fc525b80ed09c25540a6ba4b656

SHA512
4d2a323ab9a700ebda55d6a3573de452d824da330fed71d4575e595abcbafe296a95c86f2a1f29dc342d55bfcdd678fe1e73e6a4c903e80972dd54da82095882

Download Submit