651434f7ad2d5ed602a3e82194d880f94ceacce59221a260224e975589d4725f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fbbe177080b535302ee72d4e9d946df_JaffaCakes118.html
Size

148KB
MD5

3fbbe177080b535302ee72d4e9d946df
SHA1

e94c1104b0bf5a2e8a5f7ab5804daf1a84a178f9
SHA256

651434f7ad2d5ed602a3e82194d880f94ceacce59221a260224e975589d4725f
SHA512

9b692d91f4f9f0b8b4baaff306add9e720cb4d9e7ebca8c81115b288fa6c2d632b1b98ad19ef5d66b1a1b946eb810f6cf37bc74cd929eec056ce5494e7695861
SSDEEP

3072:NQyeLJZUSitA+fikf8Auf0xmzXaSjWdXnEqCSJDd7A6HeHxUG/+V:NQJZUSitA+fikf8Auf0xmzXaSjWdXnEY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
3160	msedge.exe
3160	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 548	3160	msedge.exe	81
PID 3160 wrote to memory of 548	3160	msedge.exe	81
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 1152	3160	msedge.exe	82
PID 3160 wrote to memory of 5008	3160	msedge.exe	83
PID 3160 wrote to memory of 5008	3160	msedge.exe	83
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84
PID 3160 wrote to memory of 2248	3160	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3fbbe177080b535302ee72d4e9d946df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2934207632640535655,1749198350989060557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
764B

MD5
c223cb288184c6595092338908cb0c78

SHA1
860dbecd9f477a7d7fa716cebcea49baba11e12f

SHA256
23f0aa0f390e5bf6c76931534b27c9d6f0d265168ee7bde49b117f4e2a366602

SHA512
b378027e61124a3250d5215b277e0bd19c9bf6dad3f0029536527932680a08774aacd13d883d3ab3dd73dfc16efe12496c25eed40b0a9b8a3474c88622cb1dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
896158d58e2a4c2abf3348fef95555a2

SHA1
52f0479b80b2816876a0a3f5858fd45e370ac649

SHA256
806360731f903bb95adc20e2cc5fd1cd5a7dc682bf2c01b51f8196a0698aee3b

SHA512
d0cc0a9041f96a5316bd1ad9b9f5126a1392e851e17604615804b4d46e97b41ccb134e1bced34c264ebc93591e58b953c4c9334959f8dc7d0c21d06abe6dd4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ac61143e4370739072e2a6ebdee0bad

SHA1
665812242bed7c754ec9961ee6bbbe1e9620c2ee

SHA256
2dde71c2822e6e7bdc4c90e2a47399eecba5e4ea375828bd87368fe6cbd92de1

SHA512
dc54c2710c87c133eeec673065bea66378c6c7cd921976ca84b88854e88b0ec24e394226f03c0f98144600e3b55f635e4300f9acbac34deafd607e069a82f905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cbf64407ed08ff2c89401a89fe86123c

SHA1
c0138f0f3828dbec7dfa3c52bf84fc7991ca842e

SHA256
13d2a205ad34dd63ae76f0d0fa9028a98d60c9f27fa38374ac763cfa160af1e3

SHA512
f705eb92aaacc0f160d1ef691e2514a7a0f2386dad7f1dd18bc3759f751bacdfdb46d4e510e0ab373337f3cd1a0c65422d47cd18bc89847ecd4678970ab1dc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
fcd2082d157208cf1fcc6e878bb34263

SHA1
0c2b2c0b9962a111e31cacf7cad9c80ba9b7cf5f

SHA256
9add2d02567c94db259b7993d0daf3a118337abe4ba550ad34c0c984b78e0ec1

SHA512
40af090a06f38ad498a17eeae678196d597d015c58aa0d3d3f4d5bd2904a31fcf9ee21186259f39c4e55538da5e1964cc071830cdf8ed4e296cc02a6d995aff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580981.TMP

Filesize
539B

MD5
8d96a17fbe59244efa29287280587047

SHA1
1de981fb5fd3d454ead872a690eeda81935cd9f9

SHA256
4bc14778219590cdd767ee8340480bb19b8b9de3693ea0a02d1a45a0eaa7be57

SHA512
9c2796ce363f27ea8d182e77e9f0ee661a13dd0c610f6f4aae522bb43f5e655d789adb980576ca7fcdce482362babc012e0d681d82c1a48f70a613cf97fd87f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b625ce0f7f286e66122ea081534a02c

SHA1
fe847402e025b114b745652c3103e8c5fbcf1078

SHA256
8907e0c955093d5b49a6ec8759456c5e268af2599845af84f4546c486aaeb5cf

SHA512
7adda205e054e9cc662f701fde58fa5c87b85f3f00bee624daae75dafa41202ef68727cf49d409537bd9e787d7744c71559ddbc10e08aebcee40e61fa106baf7

Download Submit