1b0b5a2768c70ad7f6cec16dc80161fc526b956bb40fbb3d749cf599fa9861e1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f3935c1f94be3eacd06b06ab826752f_JaffaCakes118.html
Size

19KB
MD5

3f3935c1f94be3eacd06b06ab826752f
SHA1

87e4687ba6f58dc636319f8517d3cfc8eada64ed
SHA256

1b0b5a2768c70ad7f6cec16dc80161fc526b956bb40fbb3d749cf599fa9861e1
SHA512

c4f5b4c130a51037b542c52ce5f3c294107dff7e658ccc32607798cf94b7881473a1581f2d801c1c43902b88a34b4821382866c1cf7fd30bd2815b5fe170be2d
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIN4tzUnjBhjV82qDB8:SIMd0I5nvHxsvjuxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
2720	msedge.exe
2720	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 1836	2720	msedge.exe	81
PID 2720 wrote to memory of 1836	2720	msedge.exe	81
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4744	2720	msedge.exe	82
PID 2720 wrote to memory of 4140	2720	msedge.exe	83
PID 2720 wrote to memory of 4140	2720	msedge.exe	83
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84
PID 2720 wrote to memory of 3756	2720	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f3935c1f94be3eacd06b06ab826752f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8c646f8,0x7ffbf8c64708,0x7ffbf8c64718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9070088559730598280,15931454650119711869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51d856468695e7213ec01a4aed685359

SHA1
dbcb798f2a7f86db58d17f8ecd88fdd697cca171

SHA256
0f21a08e780915cd45b31c09b16a42d91438034e28b51281271db6c95db3bde5

SHA512
eca75b59f2c4140453e90476407632d8e3ee15613f88fb31a2f744cea2fb5c3642412dece06bfa81a7c42243d2a77ea699c057871f32c55004795ae00ffa286b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bb3176801ce058cb353ba8d1a9caf2c

SHA1
29b735184f0ecf0fee35449637767661d623d194

SHA256
fa60367760566bc3e8e4c80d596c3f2548c60a031498e945490b37f2b7ed70c5

SHA512
87345cf3df48c864836353684e65e5385e678f4645844f446596a54b4a53fab0294560d655a2513a6ba166022a4e0fa7d9551d2ab3a4c572aa08be510ddd458c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8cf6de1-c885-4316-a835-677e96181545.tmp

Filesize
6KB

MD5
92d22841d099b11e4d8e229dc0cfb23f

SHA1
90cb5ce6a7a17886e2fbe4f7470ba902889e4c92

SHA256
cdef2b8ebffa0edf9a4744ddb2b218a9c19e70eef1edeb1e818efaae7f73cad5

SHA512
6651e7767c896345bb1ffe05533e5b1fb733ce9e5873aafa177fd7085170fdf4b4c207b3d805aee05fc713b6b623d242b125031d0b7112f9d901a7d6ac485889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e1ef4a45c2fbaaf44c7c5194c9d0f33

SHA1
a61ae7d743a661d0d8de10816876fd3c16a1bd47

SHA256
ec0abd057a034b601ce180270da75e3bb637c3e85432f9ef1d81e429b0044656

SHA512
229a2fd32c260a930c164f69f8101b4db57e9a7371af304c8694e140b4bd70aa302dd3e6eda8749fdc9f40a3720e4ee0d2f3edbd9df2427a3be9d54a58705c79

Download Submit