9d375b78a0cf4bed9496baba5b06c8d112b0b3c4180d793e63b08a94a764baa2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

324870b7c5941d97d3c4581a5c4a7135_JaffaCakes118.html
Size

17KB
MD5

324870b7c5941d97d3c4581a5c4a7135
SHA1

23f91673e095b243e3b94a1eff0ad4d1b4a20174
SHA256

9d375b78a0cf4bed9496baba5b06c8d112b0b3c4180d793e63b08a94a764baa2
SHA512

85bf19e2ba952c3ea603e09fd58fe549d4a3b6979eba80d09b5d3a57e1fd3c331b45d2eae0cd46d3b8052a911557bccd7742acc55d2943847413ab81ea66f45d
SSDEEP

384:iAjJyttIPAAjJyttIPzRAlLVoIa9RQTH56dd:tjMttIDjMttI7RA9ARQgd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 2776	4132	msedge.exe	82
PID 4132 wrote to memory of 2776	4132	msedge.exe	82
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 3892	4132	msedge.exe	84
PID 4132 wrote to memory of 4988	4132	msedge.exe	85
PID 4132 wrote to memory of 4988	4132	msedge.exe	85
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86
PID 4132 wrote to memory of 3528	4132	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\324870b7c5941d97d3c4581a5c4a7135_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd28e246f8,0x7ffd28e24708,0x7ffd28e24718
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16888034743378109598,15515253195835225134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
48de4657573bfe7ed33a1536f9cce1fe

SHA1
18fd20e64d906e1d977ebc10239f3fd89cd39564

SHA256
397b84de020c6ffc055c8522b657fae60f3d021ed7b358df8f76abc00ad8e472

SHA512
83c218ea5f1595176d5e0d2f60487cce6467c2a62a147d4a8fe5914f4d10b8299348b7b76648279e4e4372f6eb4c59686c4b6658da3dfadeb8f06c45eefb33b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b33eac70044ff7cfa38fa21420da16e2

SHA1
a73dfccd483b3bf6e559ba36c89ca2e89de79c3c

SHA256
11df3a689117d189ba4e80484bfb2a9e05f41d93f76b86a3149942c5a1a090f4

SHA512
b41d5b9f10dbfe4d5e3039ef0cbdb5bf90decdc832ae44691a9b435817a34a5bc7e8fa17b964564af5a4709feaa32baf8cf59c604d39c3389ca0e997a43eed49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bd2aee0551c1bd62894922a75c73767

SHA1
bbc0ec9fd2d4ba04dc821a5291a49bc7e718504c

SHA256
86afd44b682fb1f3d5d0715c698e54650c49a28c043f171e57d2f8ff78b8d534

SHA512
0801f01fdd548c74262838c13e84a7e6721ccdd6fb80aea1c27d8435e360210f2a20e3ca090d10d0bdea88cfa0cbcbc35509bff394158919296f0fe58e2d0ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
161a5b53fc3988c2d441c5ebc6830347

SHA1
e64da7e651857b8311b20c6d3e75fbe32d000aa4

SHA256
54ed409731cabe54a93abad68cc9f8c2f4e46bac1aedfe6625f89045f77560a0

SHA512
3d2a80e0e8157095afebd76cd1f0ab298a176dc3daa613e9993ff8d8121cac64baf7ed8d888a955189aa7371e06fa686a327e06870be29bc8730601d7d5018ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
6228f915eec8b7c49754dc606a766576

SHA1
14e5d4388dfc5ffd1d8e15193e674c572a749787

SHA256
8866da055d1f8fb5d079c1460f23a4921b70b8c9a4465f13783406d07bfd7ae7

SHA512
1c6276bbdf652803d329b2b862e8cea01f0c5410fbb738e13598087c4ddddb1032e7e124e5f4dbb034175f775875cded758a15c3f96904ab5d97cad82129086f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2ce5c6413bc7fb8d38173fc079a4262e

SHA1
ae2aedb64895130d8c92b4bf17c94625723c6ea7

SHA256
2f883fc425ce7756fcbf16832a4de95f344c4e5c8d0714627939b11410158014

SHA512
7fffd36313873530ca68634dddd550db71b0d9d3ee3854ceaf1f12265cc9cc810747c4453946aed1984c23e4707fe222c8b919d93ced10c85b71299a10d46be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
2b8995b9ec092316203e3a50910285bd

SHA1
4b1f10586a982ea7917c61175b5eae0050ae559a

SHA256
78b8cbfdc7a1f0f311bdf3b30b827f93d8b9fefa16513e03e3045739b1538e53

SHA512
addc0d874bf8da9860bd543d5db2558fd32d8e8ad5029a1bbe402652af3aee399a1b37b03a905b25b7440f7c5897c2802d8255d4e45023100e023996e4606da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
db6037aecb75c61ec136e03673a431be

SHA1
9d941768873d3166d0a149c8843e99c8f0c09af2

SHA256
d07a7d6f9479f6cba39feb46599368e564090ba27fc84cb6d9a1ac57dc84f090

SHA512
7840967fe214231fd60cf3deda8bab416527c3edf00b13dd13bbe4e6564f78f91228315e5285d6367fffc9e3073bb522f56bcdbe9db588b7f47968ee84a71de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8045dd59b8a7365bea4b5e425df91aeb

SHA1
1a0848c4f361537dfa227e3dd68d9e1bcbf63758

SHA256
58876355f4cef6364c99917a91758e8df121748b0169c9bcb041915e37425e80

SHA512
7f2bd7c22f4b2bb66c89e290324fab12124f465a6e774ff4741148d4289e83d81906a01a57a3c6937d061f56b3e4ba07b026d3703a4b754e8ee402389879074f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
681ef86b350eba1ee255c3082b2feabb

SHA1
01be95790d2bab1c079742bd1d38d44527d45cf9

SHA256
15ae9d013de8061a866bb4747edb636f6789675e8a110ab94c5dcf106a97f649

SHA512
1316b2b44213716c30825f5941c797ceb839f14ddfd11afe28155a90d5f23b803a4f310f46ebe49d54306b203c5b096fdbdb4ae021f6ea8371c8ead65a61603c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f4cb.TMP

Filesize
203B

MD5
026e084242dbe7d050cd2f3deb0996ec

SHA1
f4e0f12a9b19129615753cfe995dce71075efd28

SHA256
86f586a977eda19fe3aa9751355316f03face3306e632d5b311d97cde8d6b1d4

SHA512
cf3b72d19c3526168dd8973b6605533829ef94c7109c3ba8ec6a6e39cd25bcc5d3298ef9325d8f1ca52f3ecf914b06651c7b9e2b1fb4e18fb43c694c520cd03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e6621df59fa7e3837b6fdb4a0385628

SHA1
d21ba9d538a5bf55c29aabfd370a587d8acdc0aa

SHA256
7d74c06b3633241fb5b7bcd36e2ced9cf3608d9b3bf0eb755facf7c6082cf67f

SHA512
d0e9624a54a2e5541d0931f78758d90d563bd786e2d9e6614dd75a6ed94ad99aab19c8e7ec3acd6594f3654b4129d7163114eafd6698252a89bc75a3cd9eb72f

Download Submit