3ff1e485fe852c66a92fa5e429c5282183e513685b274f1813078c8293eea258

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

322893bda32d2707a84939eb7ab1a7ab_JaffaCakes118.html
Size

141KB
MD5

322893bda32d2707a84939eb7ab1a7ab
SHA1

8df261ed2f1399ca599be6a86390c60b931ca141
SHA256

3ff1e485fe852c66a92fa5e429c5282183e513685b274f1813078c8293eea258
SHA512

f09aeb17c4de2aed2f3ffacb96201a8aaa55a4951c8b119c2655aeab4a3bec63bd089bdf63f06062376be6017191235b1e42bc86bdd4953d210a48e6de222dad
SSDEEP

3072:mFxSF3V2UP13G4k5QhLpOatVSatCbY/fNbYaaLStR6cxWUu/v66sbsGon4G59t93:yY53G4k5QhL8atVZfNbYaaLStRjxWUub

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1384	msedge.exe
1384	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2564	1384	msedge.exe	81
PID 1384 wrote to memory of 2564	1384	msedge.exe	81
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1924	1384	msedge.exe	83
PID 1384 wrote to memory of 1600	1384	msedge.exe	84
PID 1384 wrote to memory of 1600	1384	msedge.exe	84
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85
PID 1384 wrote to memory of 1996	1384	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\322893bda32d2707a84939eb7ab1a7ab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb418646f8,0x7ffb41864708,0x7ffb41864718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1063817652746065835,9028559023225433427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\46d7ff35-5551-43c3-ae1a-bf57e8030b92.tmp

Filesize
6KB

MD5
68da96a514325067aa767301d661ac32

SHA1
a1b59b4cfdb7ad66dcb284e1033872a8b7c0ff47

SHA256
13ee093dcd484af3348b4b87402d93b6738873bee8bd189907f9a8ee1d3901ff

SHA512
f85a3f7ffa1b8da37373dad9f52d3d74876353f818ce926baca7a1289dac38c0b8700420b9ed97dbe28a5b48de78300ba0acf2b25a54a8e247d86ff5f0f96ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
45e0c3bb6fdf60cfcb4ae47ca96c014a

SHA1
d43200b6c683d8c0ea9eccc2c13c3630641d1509

SHA256
af82a91b98f934532f30d4d1ce4a5a9d1ae801b334150d4497dffcd562acebce

SHA512
feb224e4a01ec42d2c9b288cbfb9dfb64de63d400835e92ebc47b4b3c50e83655fcb6211429612d3b4f6c4addca46b709b834c3b6aa5b9d5cf604e8259fbae08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fbf1c9d8d0c02c3d82e09202e163ff8c

SHA1
f1802203e9d9b7b77f7a3dabdbcb911ef54e5dff

SHA256
581a01c22d55515e4c805589cd24728ee8f50eab893529c8340cf4a03b1997b1

SHA512
18f64626a07a25c6bdf8f9b97ce5eb904f853aa576ce78b82c32cd049e9dbb7140f379f522d82e6767a7b5e6d2fe32d71fd6c15081a444fadcaf9d5c58c0083f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e20029b611bb19ea86fbe442e9c8eb6

SHA1
46c1a99635f00399f68ae88b2ed7cc53c29c1ca6

SHA256
e11b37655173872f007da1d1df364b36205d56b35b2aee1c10c861eecdbd4f21

SHA512
2e1f1663255399208222efb502e6d62c96599af8e28f2f7e72daa1ccb6d82affab92633c35508434baf9b6e536e0835caa9e9972f145b764c7ee5b352eb77a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb925554eec72228e4fd248b6c7b2a1e

SHA1
83d3a5b9404cbc001f1bf125cde3b2cf325d987e

SHA256
dc9f61b6e6063e18d3273e0715d2c427bdaeeb785872364a8f4580f37eb7bba6

SHA512
bfd29d6c729cf1a37d7a9a4d6f3523f30c238fbb3f353d8ac367de2944ab8210a62d406512ec6c775b36457d509d5f71e3cee2b4f772effb4c9e8788748f0169

Download Submit