b99deba44b463cc640dc8e8c8236329147bd0ccb98b2892e930348307c540387

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3eb0f2fd701e5470854516f6fb56b216_JaffaCakes118.html
Size

11KB
MD5

3eb0f2fd701e5470854516f6fb56b216
SHA1

f9e8f32578e94d12d48abc17ca9d93ec22428bfb
SHA256

b99deba44b463cc640dc8e8c8236329147bd0ccb98b2892e930348307c540387
SHA512

cbd639f40fa48038d6551363a670f3ad6160e718e2f6a639ce3fc0300810233645eadc595e7003b48d3b0e3ace0fa0a646c48918f6cb9f1c4b6e6e2edef0cc46
SSDEEP

96:hc8JcYceNfdrcH5LoUROY9pY9Vw6hzcU1xdh6Yb+VcneIYUySctcQ1Y84DpKsAH6:h3Jbpv65Kw+h9ReEyS0T1YTD5odg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
4552	msedge.exe
4552	msedge.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 4524	4552	msedge.exe	82
PID 4552 wrote to memory of 4524	4552	msedge.exe	82
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2840	4552	msedge.exe	83
PID 4552 wrote to memory of 2628	4552	msedge.exe	84
PID 4552 wrote to memory of 2628	4552	msedge.exe	84
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85
PID 4552 wrote to memory of 3124	4552	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3eb0f2fd701e5470854516f6fb56b216_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa682d46f8,0x7ffa682d4708,0x7ffa682d4718
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12545123639813818916,4982445340351357906,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
a28fc8c7b408c9fec7eb29ba72319a1a

SHA1
2b1815d04fb077e076a7c078db984304b82cf50e

SHA256
1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65

SHA512
6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba088fbb8c99645c189034c2775c658f

SHA1
195092c45df4756409522523c95b9190d317bb40

SHA256
dbbbb87bd98f4f0c28bc2766ab1614de4c703d94df453328167229319dc83de5

SHA512
ca96f242834c0c624d3ebc8e9b036b873dcc0795dc160d31ae39865f7fb6f7a3ced7570b6a2af1bceea7b8e4cb09f9ee8136551c8efe20f38539e751ba0dcf81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a15b6c52196e1512adf7ee4cd72ce5e2

SHA1
af4de4b0f957d62b228dcc0bf0a7d3bf09ba6445

SHA256
d7746a8b723d8be3843b2b9d900d91dffd644f979175e169c13f8a7149bf5bcd

SHA512
f86dc069b12b3b9239ab9cfd2d62ddc6ca73a6152b6d1180ab0548bcb9b6795d0a8df160268df943ccc13d420126b6368aa00ab8f3fc7f8d090ebd876a5fb62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a148f20f9c76402011e9c7323185eb4

SHA1
e06909b3f6d60a7f0806c14d4f78e9dcdd5380a4

SHA256
6bd53bae7783507f2f2aca393df8a89fb4d6d6e86f02fe6a8159b395870643f7

SHA512
0038aa226c14f7fe322f37aa8a36afc7ed1b58e4cf484b2ea34a3ff026a98bb16c7d801e0d943f3a989159affa141b717b7f4baad9237b2e3434a09227c5ae5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6cbb92e0a3682c464e82b69c1f71350

SHA1
c1cbe5b5356dbebdd2429220f3cf4f8fba254504

SHA256
ea49a2d8cdf272467b1f9f63c9200c33e3e052d2ac8f792667b0fb29d0b8a8f7

SHA512
a4fd98e44abad9d952e73f70fdc5497d494a1769a4c02d654bfcc274a52a1ab814319973575b3ce91a200b2511f7ff00cf94e89fb7508f253a6389ecf4dab3a8

Download Submit