08ca8566ef77e8b6b66b67215a446e98c57c30e6964453f7a79d059ad38a15cb

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b84f83a23b507d578c29dd93e2ff7af_JaffaCakes118.html
Size

151KB
MD5

3b84f83a23b507d578c29dd93e2ff7af
SHA1

ab306507e13ef48b3e03b7fe949354f2a373504c
SHA256

08ca8566ef77e8b6b66b67215a446e98c57c30e6964453f7a79d059ad38a15cb
SHA512

f1860b6d66c940f2d38d387c372105460454353552eac96a0a4967e0fc9cf8af2691a9df4b30e7c667a16b56f4ce5f8598fcbd158afefc29ca1ae21016531fb1
SSDEEP

3072:SWgyso1j2HNH1o4V+p6yfkMY+BES09JXAnyrZalI+YQ:SWgy/aHNH1o4V+pfsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
656	msedge.exe
656	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
656	msedge.exe
656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 5096	656	msedge.exe	83
PID 656 wrote to memory of 5096	656	msedge.exe	83
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 3608	656	msedge.exe	84
PID 656 wrote to memory of 2736	656	msedge.exe	85
PID 656 wrote to memory of 2736	656	msedge.exe	85
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86
PID 656 wrote to memory of 1992	656	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b84f83a23b507d578c29dd93e2ff7af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc63f746f8,0x7ffc63f74708,0x7ffc63f74718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10702862928488772699,15170612434172861925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e467d173132f239bdf871fa53479c71

SHA1
2ffe713e23ec6b17ef22442adf0de058aa76616b

SHA256
757ee630a0a1bb17cb3efb85a555ec9f0a1c1fc99bfc5e91ba18499f5b744668

SHA512
aba4af45741a0e9f37c75ad80628dc46a16a73f1ffd477f408924ca061a8fc4728ba1337d566eb295dcb08febfed8847e1156bf2ef98f1a6108b51d2067932d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fa6cb1442e198a2588f52c673c6d8ca

SHA1
c5f0eb2c4f45f31aefa658e5e81906d114b47032

SHA256
12f1a44dbbd680aea66ad878823af0eb749704fb7ea581c7c833bc446324a232

SHA512
ba8b5959f61c7b990b6a8b4c406cfd0ffbb46f33f0b2e463c6df977199e235325184a52c82e2c9294bdb2bfc3ed626d418285b7b75de4fde94e99e1a1b2eb60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72d7f07f60fac671736c2e7d5346fc85

SHA1
e749b65cd41851d4a8c4003514308c743e48fcf8

SHA256
78f8e55020536d67754bf967141cf0bc8f3cee8305ed3394000edc1dcf5167c0

SHA512
39cf73e94704a4bd7f11e57e96fd53a4a378d4eb32be6534319a4dec6821e8495efd373b3820b177090122ab1c53e7456d439b36697272e4677be40b0e2714c8

Download Submit