3be18bfa1e477820c31709094a8e5e88172d79b84ac3d3a9b2cda528272641eb

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 22:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cbdeacd0c00227087e59a5493b4c11a_JaffaCakes118.html
Size

104KB
MD5

3cbdeacd0c00227087e59a5493b4c11a
SHA1

9439f8e0a57c06e0452faae8b5b78a6d237f457b
SHA256

3be18bfa1e477820c31709094a8e5e88172d79b84ac3d3a9b2cda528272641eb
SHA512

3fd83999150f353dcf1cc13972e54b2d2a16567bb6a31e4e40e5c0bf49700e7723f0a05754a36ce5cecbe91d77800f2d6a426e9f6e22a7af311da8270108d8dd
SSDEEP

3072:STmWil3zEBrogcV8DT4ZHfJSE8nH/b/xoe+uoYQlzGDEkb5NzhUiy8vD0ml0Lyrf:SWljEBrogcV8DT4ZHfJSE8nH/b/xoe+M

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
1712	msedge.exe
1712	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3960	1712	msedge.exe	82
PID 1712 wrote to memory of 3960	1712	msedge.exe	82
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 4408	1712	msedge.exe	84
PID 1712 wrote to memory of 3612	1712	msedge.exe	85
PID 1712 wrote to memory of 3612	1712	msedge.exe	85
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86
PID 1712 wrote to memory of 3700	1712	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3cbdeacd0c00227087e59a5493b4c11a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffdb79246f8,0x7ffdb7924708,0x7ffdb7924718
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9222437869989569409,14197560402718955147,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
19ee658bdaa766cdb8fd37618bc4aa1c

SHA1
5792905826b34294b476bfa93abc0eb75bdc90be

SHA256
50ba1be10e135ef916807bac88fc104bc0dbf108c646c95c5a823c980c621952

SHA512
53c2ed90fe063c0d8c546ad1e7da780b19809cca65fbe413a84170d2d7208e3d02f0d648c88463b25fdaf915f6db1d5f07ccddcee3035a01fa33675c0f9b98a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
324B

MD5
ff17505b02d988cd94ac6b26bf718018

SHA1
69f3ba890950867b858fb4c1bface08058ddc38d

SHA256
d0718af13cae3e6a7b66a86da4da75938d0d6b84bf5f9039f812d588ab9a02d4

SHA512
c6570711fc94751163c9a7b8f9932d51b7e472e86707ad8a651f76814408b01e00a0f4710d680f9b168c510bfb527dc3106a254e0747f3254afadbfc73737984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14da896655bb713904aff986026629fb

SHA1
01fc57ae3b2423f056a116922840febb081cc4b5

SHA256
b5d0a308eeeaeee5a04b420a666c28c2ee179137b99d9b2ffefa8bd6c181a054

SHA512
2dcb72aa99ae864d19e17bc15e2474a5f0d689c2f5e124f60ebb26a0b8549278e9de460f748416bb2fcbe87b417b31f600ad1ff701d693ecc78d4d32d242926b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c6dfc5a420122dc862712c2b34138bf

SHA1
559750b1fdd29a2d03c0b39390614bb10e9043ad

SHA256
a763b29b8fc9187969fe9cfcbbae65edfa00591a86317e89f03673ee2fcb717d

SHA512
dbe9879b450375b7b32b0670ff84dbf758bdc65d45117a3ab0d1347c02c3b955a5c3bb3b453f67c38399929524f65970c475c3b2d77afa8c7fafba752e7d45c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
618b02d9c2005721fc513dbcef5c87d1

SHA1
68d222c6f0f112341a6ef83fdc67944a7175f4d6

SHA256
4a24dbbc085fe1e36698873c40000f3bfb24871ee31c3e418dc0a2afc2729db5

SHA512
8df74f7e2c7fd41b531b2079a0152a6cdb469d9e748e6b24480d516929dd21295b773fa882a447446b0ce5d8a8546ebb41a97bbdd5aba17742db721051317352

Download Submit