38236cba8d19b58d0e2d36d0230b8a4dc28962c08dd9cde7c81b11609caf68f4

Analysis

max time kernel
0s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2901408086a93c8adeb543c96e43773a_JaffaCakes118.html
Size

124KB
MD5

2901408086a93c8adeb543c96e43773a
SHA1

b987189d60f46b052a9dc0f5a8aed2178fb75275
SHA256

38236cba8d19b58d0e2d36d0230b8a4dc28962c08dd9cde7c81b11609caf68f4
SHA512

30b6e96c5bfbeef5d26316c198abb92ed0b952699d2cea57554a80136deb302ac2b6227b3f6e2bf2d7bd8210bac661f17265cce2fa1706de38f83833c0bbda6a
SSDEEP

1536:TMUI9nW+G1HyqNddiC/SRYivYvom4xHbWMRNVfP34dE:xQnWP1fkRLgvoTMcJIdE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 5036	2840	msedge.exe	82
PID 2840 wrote to memory of 5036	2840	msedge.exe	82
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 1384	2840	msedge.exe	84
PID 2840 wrote to memory of 640	2840	msedge.exe	85
PID 2840 wrote to memory of 640	2840	msedge.exe	85
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86
PID 2840 wrote to memory of 1500	2840	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2901408086a93c8adeb543c96e43773a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc09346f8,0x7ffcc0934708,0x7ffcc0934718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12797847121376679652,10223962453208666821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
  2⤵
  PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ced99e138db3fd32783e01b3c514584

SHA1
2c0329d22ad221c0702fb11d968acb9a355d2ee7

SHA256
ef7492f31f62ed855a98179a5f20753c4acaacd1e6c3c054b989b59637750ebf

SHA512
96c7f8d17aef5b66d1ae36678058a0824268d17da482943d2a85de3ee12ffb4ab3b1f75bfab3ac0cfa619bbc8cfee0b603569c0b62e7f6ad64005ea545ee42f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c7c352cd4430fa701277e01a50813ac

SHA1
a75f908725124f0e0138a80abab005af8d2023c1

SHA256
b2971cb14685ed06cb26e604eb927a104ece3d67a6d6cc8b564b9eff215c9953

SHA512
7ae7caf4fbf59efac4922d003163d9d2ba8a01008db8286940090304637874984ecd6eebf8b27260453333e5405362c2ddbf9c1702fbf191e1e088272d07aa74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
283fc791e2306cc90df8782dc8f8cdb1

SHA1
a2df3dab67249d76700114eadf01b98666acc6db

SHA256
538f8deac511037d1c3c9da26215c6df488f964a7ef95908045894b517ff5c57

SHA512
a4db6cda9416d41be64a8176a1e90962abce91736270e72b2e20a05441e17aa6830f395218d55caa967728dcb3494f2cc41a1db00dd9ff96f645bfad92d98326

Download Submit