767ffd7f05d634ad0d0a0cb3ed946354fb21ea4dec15db5a5d38952ee439c1d4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b9c28f3d0c83f78af536cc070106361_JaffaCakes118.html
Size

139KB
MD5

3b9c28f3d0c83f78af536cc070106361
SHA1

c9982f4cf3b03ede16e078f801bc1fb58cfc2b68
SHA256

767ffd7f05d634ad0d0a0cb3ed946354fb21ea4dec15db5a5d38952ee439c1d4
SHA512

2fffa95fa45bb29073a3d66ae7e555747727f8197a7f8bd65f1778b2581753f224adf3630607638bce2fe07acee4af9093597765821f4866b4f3bf1d6be0049d
SSDEEP

3072:S4whYM2b/DPUpfkHV5KV8ym3rM2jxmmfO4:SPhEbrMm24

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4964	msedge.exe
4964	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 1492	4964	msedge.exe	82
PID 4964 wrote to memory of 1492	4964	msedge.exe	82
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 3308	4964	msedge.exe	83
PID 4964 wrote to memory of 4832	4964	msedge.exe	84
PID 4964 wrote to memory of 4832	4964	msedge.exe	84
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85
PID 4964 wrote to memory of 1800	4964	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3b9c28f3d0c83f78af536cc070106361_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad02946f8,0x7ffad0294708,0x7ffad0294718
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13343187989073473027,12365124324246968346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ce24d9ba10c73dbb3cfd3eff8454366

SHA1
2b53b66aa750bcba5d45d65ba296d43ff2d266a9

SHA256
e62a08aca334c1dc8643f80c27725fd445b53feb21ebeb0261983adc49c1dee4

SHA512
0862bbc0baa1a9fd46389a52931858437f7b1c3066bdf5826b781ca8a7ac1eecb4b2fcdf53a423b3792a4d2da9bb6526d98e8ad806b461039087b133a40355a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4f8ffbc00d6697c016af5f7c6c7bced

SHA1
e7d28b251843edd158535fbec776a061ff9e2e48

SHA256
8eb86e7338fb39af4cfd12c39057ef25f43e7bd4652d946a783506051727cce5

SHA512
52edc0a0dae49e3fb696c93712f5b6353e4790bb89cce7531ce5e1f3c236c4c20d8bce9b00be78ad2c57748aaa41ad91734c013564e4fffce93697d072af160f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9865976808aa682abb36d9b5d4a0d969

SHA1
ff300843a4292b457c2e453e94b2f74f9b10bd33

SHA256
c59dfa33ebfd81ed2c3c22dbda1016b817ca9c38c705fba25e2f29efda36da88

SHA512
cbdda86e893a10a56e8c520b5c90b6902329178baf5811b8202136a947f28c8f6cc27c0a5a08c6a20f18ae395ff37e2e0636810956014cf2fda9538dbb237f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e83c4e091a09dd1c84d54aec4a2cc6a

SHA1
d20bf376ec0abed06c2b6e2d77430ca6be5dafe6

SHA256
aaadea4f9a111271d291f3053a6699c90a77631876ee9feeeae3dab3fe2c75be

SHA512
4abd2a6ebd0c3f02d73c90f74dce34e16268287350c5d033686bdfa5b71f3b3a3362aa00b002ea225a9b62f99c07ef77577821e5a6ff2f958503f423ab30d287

Download Submit