1d76734554e52599573e90cae2bf87c3727de7d5e33d3fdfe4bb553acc89a297

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e86a0f41aad70c75508108c3f754e19_JaffaCakes118.html
Size

19KB
MD5

3e86a0f41aad70c75508108c3f754e19
SHA1

5abe992d8b937ae1572765bff6210ab9c3114d7c
SHA256

1d76734554e52599573e90cae2bf87c3727de7d5e33d3fdfe4bb553acc89a297
SHA512

33a1291c216cd15023862f223f29318de211bbd2dab31ec1224328c7578e0e197f08f043003eaa8f11d9960dd4794a45a773763e893e6f18d0688c5cc663ce69
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIQ4gzUnjBhcG82qDB8:SIMd0I5nvHxsvcFxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
2844	msedge.exe
2844	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 3664	2844	msedge.exe	83
PID 2844 wrote to memory of 3664	2844	msedge.exe	83
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3988	2844	msedge.exe	84
PID 2844 wrote to memory of 3620	2844	msedge.exe	85
PID 2844 wrote to memory of 3620	2844	msedge.exe	85
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86
PID 2844 wrote to memory of 1496	2844	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3e86a0f41aad70c75508108c3f754e19_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5d646f8,0x7ffee5d64708,0x7ffee5d64718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10489282875721185192,15242937945719139038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
350c12c6b51e498a0bf43dfe7c946868

SHA1
34c676d4fdd476172b43b8c5dac95ab627fa9dad

SHA256
c8b678249e5a32b32d5d42ee89d094ee53602066e2c698e357e461fe737e8397

SHA512
352809a7d42045ba6c0dfe1070b09b82916f0cebb628f006c6ee77cec6d1a2a1f1bc456f0352aef03ebc1e3ac7bc02b88dbc507010a63a0b1b4023442fa9f705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
735fc320380ded3ab2943b8a44e23f2a

SHA1
10cb84ab0db7b9f4faf53d683cf29447911ff127

SHA256
3807085fa21c7cb9a7a4a251f583d555ca02fe217e64dd75c2f2c8691e8117d2

SHA512
e8d9fde3947f1c1a81779ba7327332b5e8fa41bc7305c825954d332b444b11e9fae52e56cae86ada885d6f52064f6baeeefe81894ba7dd85043894f8ef788337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65ed5123b59963c6a0f696758f60535f

SHA1
9380d89f15281e58f5031ae52848b894a5622f2d

SHA256
beba33c6126457fcf399fbe5e4b896023814f55a7fe20260c248bbf8b27d3cc3

SHA512
e8c4f61938098d16dd48588d76958e48c49979517f37a86c0bda3c1cf34838dd088370f957f3376ecc57c518ad96a6f6521a1574c3de8b108d3a299edd7fe9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ff0fa9afa6eddf3ea3cc8c0d76f5053

SHA1
7eaec583637dbf92262da492fe087b949fb51869

SHA256
3eb38b8ad3fe803e00b2581035c6d9fa19c85f179a6fd879fa5433dec997b2a4

SHA512
09c7743a8d42b8a1e61c530e7f88d25f116cc9e844f3488d3bd1e3a8a52ac72f3ef9fca56e7f470bbb999d156f133c0c6643d42e487e90fdb8fd52fc764afc47

Download Submit