afb5c14a051e0a5c97fea1235d57188ba4a96f6a5094334c687ccb49a2159a3b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3fe1aeb095f3632bf208f1ed907f2f7_JaffaCakes118.html
Size

21KB
MD5

a3fe1aeb095f3632bf208f1ed907f2f7
SHA1

0b29c2bc4cad37f379e68cdc3adc4c6ddb2e90e3
SHA256

afb5c14a051e0a5c97fea1235d57188ba4a96f6a5094334c687ccb49a2159a3b
SHA512

2db7eaac48af7d3a25fd5f0af902baa25e27979a9f58f0843290cf78e78690202fa0ffb80c17e2564dc57ff0796dd751a2064d30f5c36cb5104920f1dacc2f24
SSDEEP

384:6Rna6ZKxqho/K0/ejriaw+mUH1Dci3qVmjrwqHryaqmlrU9M4y3fn+2abYYtMcQE:SLsIho/K02a22VmwqeaqmG9Mlfn+2ab/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
2924	msedge.exe
2924	msedge.exe
1888	identity_helper.exe
1888	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 4712	2924	msedge.exe	81
PID 2924 wrote to memory of 4712	2924	msedge.exe	81
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 2012	2924	msedge.exe	82
PID 2924 wrote to memory of 3036	2924	msedge.exe	83
PID 2924 wrote to memory of 3036	2924	msedge.exe	83
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84
PID 2924 wrote to memory of 764	2924	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3fe1aeb095f3632bf208f1ed907f2f7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b4718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3844873580337507589,14512757319721316601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
05cb4ca0a2e81d130d58e55417145d76

SHA1
e0f206a54c196a1bdc90b3d809855db3a55d1541

SHA256
0a9eb6b5c5009da56efe3ee62e56973f7c2174cca132d6aef9cc4308a95685fe

SHA512
03012480a1d84f15d2adb7e49c92039137966990e841bc9ac6140dfda4e0f3c9e4956b109e3188c912dab1384e45e7ea171f2fbd5697f22444be91372933716a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6b4a16ad5c306191f0b3dbb2821a7ba

SHA1
1018677e2196b92fbebf55fd100c915287aabada

SHA256
fa91b2fcc2f793a82fa2d1ae4969cf99ed0e3d59542d5e418671fe2889b99dec

SHA512
ed25e659c204ada88e1585e1af48ef55e39d500924351487285028f3b11e84cdcd995607457f17e3374122b5846698a1bd79674600f36421311cb102d12c06bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f11a46198b7e37f6a6ab06ff91aa21e

SHA1
a986056120c220b43b8d2fb846ed522ed6acf5bf

SHA256
2586bbfba24c66e8a0f5b185e8460672bfde05556a1092a430ed215f3dd94c7b

SHA512
10b666387909952a5eb7e355fcb21d285d661bd4aa7c0973e400926851c14bc96e85c7bcdfb04a6627ebb850cc6bb9bbcb8045267b46d20dd0f0e7ea65edeb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b70c0c8d4d725ae3c55d8ffe2893907

SHA1
f2001197fdf12c6a49dfbd8ac4f82263a2d3ee6e

SHA256
6afbbdf3d4a195149540b905604c105c31e2aee1ef825d2a16913fb5b4f8fe9b

SHA512
fb0bfd96f35d78ca81f6f7f4430d1b7c4ecc88eb9c4a81e91e2d6327534bf6ddef5544e9f69f95eea0bc2bf63c36ae095a369e5e8cf46dea02fb8e95d984c397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdf3208f76a38bcda351494d70578d28

SHA1
ba2861dd741719a8e93925e28fa01b778a2c05a5

SHA256
d7268f72481a97364619dd8ae094442d4d677bec1cd083b6e2edd861b3c62a29

SHA512
351ea92671b1bc939c8e3bfcc859e29a9100783450aba6a3c1a7fc761555774b9727512aa282abd65d9f7f94c60b0e67fd9f55daf3cea15ff280520bedb244cb

Download Submit