35c56fdad87b9629a4debb38ac6ece6bb6c5631c97a3c883c5503a3f36bfe5d9

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3ff4634fe68a79b8533b99bc63345ec_JaffaCakes118.html
Size

174KB
MD5

b3ff4634fe68a79b8533b99bc63345ec
SHA1

f77c2ea09a2856bed8a5de1ad6faa31426cadff4
SHA256

35c56fdad87b9629a4debb38ac6ece6bb6c5631c97a3c883c5503a3f36bfe5d9
SHA512

2e978d5ea46b166d5e0d7aef4a77c6fb100e90801d7121891feb96a2c637d306bd3b5f5146a14f104b1383891134a4056e1d1919dd8c1bdf2eda7dae2e95e14a
SSDEEP

3072:r9ZNzhkYsUjsz8Ee39E/LTZP9kvsGJ61CeNeGA:5PjsqELGJJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
4564	msedge.exe
4564	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1512	4564	msedge.exe	84
PID 4564 wrote to memory of 1512	4564	msedge.exe	84
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3036	4564	msedge.exe	86
PID 4564 wrote to memory of 3612	4564	msedge.exe	87
PID 4564 wrote to memory of 3612	4564	msedge.exe	87
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88
PID 4564 wrote to memory of 3460	4564	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b3ff4634fe68a79b8533b99bc63345ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd894146f8,0x7ffd89414708,0x7ffd89414718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12011705714660114019,8053712590502158438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d5e130c1ae9d9978c5f5e14edfb08a89

SHA1
21fd07ddb7ce445e07dd4f334698ead9d027518b

SHA256
1a9a08dac7ccc544273d0ad3b5b0a41f74d4c54b67ae6642caec2641215be21d

SHA512
c5c9021c3bd29855481b4bb132d8d4074c4542493af711a6129e77132fa9771fb45a51cf19c676c64490122a09597400f60dc87859b21e0ebf9fd1425f6f3e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f72b87e3463881fee405a037a3eff24d

SHA1
a746d83d98c04605d5c4d6392f5d65761bf3907b

SHA256
dd3113b10fc2b64ec4c40166af84023ddf21e28e46a3349a24f7bc3c9ca48224

SHA512
edef6a4eb31050aef09d1a2e5e94f00081c312f6bce8c31427a677c04152896d3919120a245690a6ff2155f6275af961e3122cd55e3e4de803e198e5c330c6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffb182b629978776ded2523ca795ea94

SHA1
4bbaa566236210174a74653230d0b3b08911e46f

SHA256
8a317241b6d13c6647092b87b3c1b7c52c8917f150d9aab46916154ab5954c77

SHA512
4d6225c1dcfd6d5238f7a50624a922829cbfb90ee193d68afec52e0e80aa5d7c0979873186898172ba16d713381036ba5764b4fa0703c149a622532545cfa919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0d763f360852bef956970d69abd22ba

SHA1
ef7fca86d5f26e41872df3e9642515ee2f017d4a

SHA256
ec8df4fcd8bc0791972366f9c0657da2a0f450a2baa6bf187a4a443c05352bae

SHA512
de220c369fce2ae298d3743715055d2455ccd86d805cc934f4a9a4e7a1b375332cbed3b405ff5bfa55f4719c4aa89710a69056e5fb5ce4a8697d16a7fee8fea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f82a196a9c78971459c02ddc3c02542d

SHA1
8328d3e8bee58ed89a7c7dbb7d8cf5963d196106

SHA256
1e842e09697b70d730aa154e6028e302f7edf745b9383a201e5bb777fd596c85

SHA512
5334bfdc8a95e51c77f742d0abbc1d3f528682daea035cd87d479a1b6af68a38784adab485bdb46b1933c598035936918fac3d84bb24ce11bd320953af69fa4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8eca7651e9fb6f36af586d9759bf5c63

SHA1
6320654611f03e535013746cb21a0683683d8fe6

SHA256
aa96acb166fab5c8cf00f78860bb6f9ca0600a2ff41d7b1f1dc25f9491bafa34

SHA512
9d2357d28711d3df3d5f2c099b8ca27cda093e2266ec9364909c4bdfa1cded347546c4a5972761c5e7ca8f2d459809eb7656040394fdcd6ca84a76cc854e58d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e35b18f3a433e6e6e2877ecdddfe2c4

SHA1
7d4a3cb4d708c9199796fc29ec90666111a440b2

SHA256
fffd206c4ba9ab234b94ac9d1164559238920f72ecefe039a2c4718b3928e7c9

SHA512
8b7fd0dabd70b47b9ce55b3f87b170d63038c7de6fd3cbac4cc522f70da06a970992b5d139c7211d98f014b35acc5dc1db47fef35286816802b5869646f8e1da

Download Submit