51780fe37a7fc8a4fff2d82dae2be0f92f75492b87d86240d66c26c815e8c58d

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e4b64468ac692cd1c76fd8bc9542413_JaffaCakes118.html
Size

60KB
MD5

3e4b64468ac692cd1c76fd8bc9542413
SHA1

0aa867c4db7e5e257a7045901c231fcb6338b348
SHA256

51780fe37a7fc8a4fff2d82dae2be0f92f75492b87d86240d66c26c815e8c58d
SHA512

5d8c91eb96a760f3237139cc8c55e33619e61f8f472a61a9a6db636ea024697fd0000ee2c5a7cb6a9b46be8c6928120e245c9dc3c77c54021aacd930465f00fa
SSDEEP

1536:jajH3JKduIImHHITyMaldtMwa3+FYVCIEQIyY:F3HHITyMaldtMwa3mcY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
4416	msedge.exe
4416	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 3984	4416	msedge.exe	84
PID 4416 wrote to memory of 3984	4416	msedge.exe	84
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 2196	4416	msedge.exe	85
PID 4416 wrote to memory of 1600	4416	msedge.exe	86
PID 4416 wrote to memory of 1600	4416	msedge.exe	86
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87
PID 4416 wrote to memory of 1360	4416	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3e4b64468ac692cd1c76fd8bc9542413_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15451271412637366851,1539804161926291753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a24073ef1722137787b38e83365538dc

SHA1
01331e4ed1fbaacb84468302844dbf380d9b7c37

SHA256
f2c7808068028ab4c601aed3a74a2bbbe1d214c74032b2258b1abda7f84667eb

SHA512
7a99778ee26a4ab37f280c977c2e52a02056d7a280fcdf455cf75969817a9f880827830021894cdcea9d4db29623d658c632dfd3fb4371ab5a126c2dfd54603c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
763B

MD5
9e7c7babfc7d52ae229e196604042de1

SHA1
7a1e199a56ff944b6a943eea3ea7b19b73e8df9e

SHA256
663be1390e6930d7b2182039a7c96d7e9ebe2d7c87372fc7f52772571cc04e42

SHA512
dac2c74545a3a5366e849212194539b4caa607e37729b8fa53825b3e1af8e81e3e2a20481c3b98d3657ec065aa419a612b0787d38a76f4ddde620a6f23a76023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3161692e3dad029411aea5f2ae2c7ce

SHA1
c0f2cff0d0284306b763b4d4f7a3a96a55c0b356

SHA256
00d1762bdd8b32d8460d0a4ac56acecdc82a32e862f1323626f752704a63697d

SHA512
ff1608cc945f14faa14bc425dc46816c75b8863522ea05212e0f8cc0dadb56252c9c5e64682497fc750bcbdbb839fddd7a3014bccca9fbeca8a2007c3e8e0191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cf74d6daa55e082a58dff81cdef542b

SHA1
14e1b7c8327d6cda507ff653b3f42cc17d63a730

SHA256
e0deca673e05f5d41cf46a2aae3b4a65a22feecef1bcc3756f594c9b5422199d

SHA512
818d3ea045ff6b94f128525efacd5ff527b1efbda3c3e848858a6435411fafb1ac09a38cd3ee71042263db36ad512c92480aa889acdc0def4dc41463020b38e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed9b51f66a8a2bf6c1593ca4a344e280

SHA1
f49f74b1f575159941e9486fcb53341a2a9fe8d0

SHA256
58ec263ea983136d5bd3caabc84547bc8e59d947a28c42f9804e6f48753717a1

SHA512
a5225ff57ccef1fc5900a95e728a03ab50012c02ccfc29afa5237cce0eaf9c9ff8a4a5e1be0c22ad9dd9c123b94418108562c2e1aa91c02c7afbc8b392d109de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
689B

MD5
3d7edc1186ef541977acd1e61c1b5ab7

SHA1
bec6c6716583a6b9549ea7379f411fc8ca19f3da

SHA256
75e075be88edcde85336bbf4a2c371975a926ce6c2c09270d9c6532c6a592082

SHA512
cd0366dac00cc0455853c7e818cb539f22da3b02d01c4c374843cfafb2d9e5f2534fdffd5ccb508a24b82ae4109412231128c5be19d85c9161edc584d34afc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
689B

MD5
ff588b2fe466aecb40d9a9bf67126861

SHA1
645b8bfc0da7f27adff6d6f7aabcc8875a4220f2

SHA256
adca1939560397114635c2a7a3f82aa0132b48c10b8e877b264be7c4dcdf5548

SHA512
d1a6d093cef6558838c4499ba55e5f9c01fee426f20e5d43d25c0f4626f5fb604a7be3dfa4a74253d09dc95548f622e265ead591907e8716acf466646d72c40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58076d.TMP

Filesize
526B

MD5
54b7e809e9ff94d36b9cce6e5bc594ae

SHA1
c63a3794fedd1a2af01c457e23d6299be6908e9f

SHA256
7a655e2dc89ebfca2e973470638c17ee603c6b12c4544e9ece5c7284b100d14d

SHA512
cb1bf6e85552be1b274561ad052fa13d390978a13e2affe8e93593ea39f1728055051de38c334bb7c1b3b0b5d02fbf0fc8485acf7968245de4293be648f102e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
144655f36be48f6743138f9329bb3351

SHA1
afba247a6bb2b8e7d1d63dc09f81f67a27885137

SHA256
249a0bdaa5f262bad2c4e0c4be92dd274186907423b8502cd3d10e6920fbb174

SHA512
3d6829949a58d199188b8980f3a0943c090651b6dc5d873a0053240908f588c38115358f06f52dbfce51a27547a656917c34cd2716aadcc886a17afc69e0d8be

Download Submit