bce3b0f044949e79c170c28a33d805c68bc80e5973a3dcda8877fb4e977d4bf0

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 19:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

31c1e35510a7758af004a1c1780b078f_JaffaCakes118.html
Size

196KB
MD5

31c1e35510a7758af004a1c1780b078f
SHA1

6c63d416dd192e7203f6eca9a48dd6412ec0c568
SHA256

bce3b0f044949e79c170c28a33d805c68bc80e5973a3dcda8877fb4e977d4bf0
SHA512

ec85549fdcc2efc4bcc9d29df70a2d8c213dfc5e73d5a6f4926f45908bd61cb8c48097950dfd3c4df7bbd49e51cb5cb74d50e68c5addd72f373a7346ea122192
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcS6KHAZanLJb/RSacZ6NJlbp:sDcgL7SaX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4912	msedge.exe
4912	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2488	4912	msedge.exe	82
PID 4912 wrote to memory of 2488	4912	msedge.exe	82
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 2964	4912	msedge.exe	84
PID 4912 wrote to memory of 4068	4912	msedge.exe	85
PID 4912 wrote to memory of 4068	4912	msedge.exe	85
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86
PID 4912 wrote to memory of 1020	4912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\31c1e35510a7758af004a1c1780b078f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedf9746f8,0x7ffedf974708,0x7ffedf974718
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,8025791657722495369,6066568503441596806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df27fa93d4b7aa314bf19f38289dbbb5

SHA1
7a13e2148b7a391caabb51aff746f4dc9d94d981

SHA256
529ad390e0a9dfc1006aee2e5633bc5848c0a8a83256b8d8ce74e3dc14615955

SHA512
dbca13e6c575ebec882c1aa1c201ac44b033b8fed3cbc89050d0de365e739dc27c89534ec54eb88aa7b064b6b61ee46b602afdb581c0b16082ad17209b2b0abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a10370579e171fea993aa6b5508245da

SHA1
1b08294fee8656fd2b82a42afe14ebddf2a93a22

SHA256
43ed8628d886127fe9f3b7eeebad78126ab972f9f198a159528e366f54d63229

SHA512
2183ccdd355d17814ec6fe69c450b18f205a5306d5a192cb9fd6c411dcae5a30bc6ec6483382fa0f9743999a1a70de6072afd52fe0eb2a4be97699d890c13620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2b4f2e9cce016f0e9a72c30303f7784

SHA1
e3268a9748e9b9b6265be88ebbd7d73ae2636af4

SHA256
27a50cd1d3722be79cd83a888dc02014855663efb627331966e6f5e827a3a4af

SHA512
d6629f7f8b9a102e7d474898cb7901d24b3241a0940e1d65d3fcf128adc5f2d4ace082e5a2d3830cae5f9c7241df1af2c18bb210a0d2ebacd6f782a22fb558d0

Download Submit