9597d47c15c42a6c5286402e2c5e3e62b6bebd58c801b8f4a5814c0e1ef28d34

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd85359ec99adcf9b460161fe016a1c_JaffaCakes118.html
Size

45KB
MD5

3bd85359ec99adcf9b460161fe016a1c
SHA1

9d06edafa66295dad9883ebe779e86090e74273c
SHA256

9597d47c15c42a6c5286402e2c5e3e62b6bebd58c801b8f4a5814c0e1ef28d34
SHA512

13bad21bf7a43e43974d6b1cdde53f37f7a2b1dc7bd74a5759122c8821f55c5984f1445717fa7e6e3881486fee2e4691e8d36f35d0907ab71467653576ca76b2
SSDEEP

768:N3ef1dJUufpWpMsYA98eG/P6EHdt460IPSzsqaQM73/CLMksgQk9NxS:N3ebfpWpMsYAaeG36EHEIPSzvaNzkMkY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
3808	msedge.exe
3808	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 1380	3808	msedge.exe	82
PID 3808 wrote to memory of 1380	3808	msedge.exe	82
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1836	3808	msedge.exe	83
PID 3808 wrote to memory of 1560	3808	msedge.exe	84
PID 3808 wrote to memory of 1560	3808	msedge.exe	84
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85
PID 3808 wrote to memory of 388	3808	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3bd85359ec99adcf9b460161fe016a1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffad02946f8,0x7ffad0294708,0x7ffad0294718
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1960 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1875540566754920609,14107223125617900208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1c9d3caabe1266e8cd29e814f7746b24

SHA1
225e42c654ba04ec71e4615dc0af9e45068efc09

SHA256
8ed0dfd745a4562f1587ea893830a7dd323bb434417bf2ac78ebd93676c61b96

SHA512
99800b7e005ff69df04daa35f9b365574b338b9807ae94fd8306bbdb1dac8989929ef566d45f8ca311e57d92092936c94ea8de1e99d586963da9d31107304f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
761B

MD5
a27c4de08ab4a8897db9f61a6b99675e

SHA1
ebf7c4c3eb0b2596a2cae0a3d827d5d9bea88e87

SHA256
a1af8408aff0f0738fd29361cbe01d2226db3f0382fd5ab6507aedf715eb1b2c

SHA512
44e0e813da4cd6449357d8b5a79c232b33378c1ccd85fcef2addd9095eab9b91f20b9ed1e9ca809ec698b788564eda736e1a083c4d9c8f82ab8eab66e6c81f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c74208654bce39c2e44827dc081c068

SHA1
61c40c4e3a8a0e225bba191efc1dd07775f3bf9a

SHA256
bbddf2b05940048066598f3ae27904ed90285fcdd7dd943485429ffa70bff0ed

SHA512
8091661878d0172d44e71a04e9ab4b35a5393399d0de848b3809f906222d42af85773d447ad5711313d0ebc1fb849ae94899ba228c757f256f18ece5c487cfd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6efe2bc44101e38b41997baa5ac76e8e

SHA1
2644c7138af014785c27a1392d0a0643ccac488d

SHA256
d19c6364589704c7ed0cad2d0b16df461496afd01a17b44b99a0988159c06178

SHA512
78bd25ee3ad92fc4e4952d70ef21dc9e2a5c484b286d854a99f184aace959ab2b4df2fb702e63274578a62b6c1c30857c442cf88738f71921659192ab01fff18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1da0c9b30f9bbed890d1168f90b5da6b

SHA1
8888c9fcc75da8d0d89460568850d640254f9685

SHA256
304f48032a87c04104cab76d3d955189c5610f9049952632bba2283733b6da21

SHA512
48f1c02c3cc22253fcd095d2fc287d83def9d49fec383bfd00e429872f497f88ee920be3828ba5d818b8e19bf4834d3c0235abfe73e124046f862b4b2db6232e

Download Submit