2e9e88d206b219cab1eee66cf42e7d1ae76a389b6efbd5d6f4715813633d100c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36974e1c0334c4c85613880690ff7034_JaffaCakes118.html
Size

11KB
MD5

36974e1c0334c4c85613880690ff7034
SHA1

c514913300f49f9c30b0ba248f7dd9c4713f15f3
SHA256

2e9e88d206b219cab1eee66cf42e7d1ae76a389b6efbd5d6f4715813633d100c
SHA512

edf32935ba8b2b50bbb88cb66dde5a4838d14c8d42cd58fab4e6a42d2c2f82b21a173ee58cc07ae1f78e0bd4abdfe017619322bf2a0570d661741015842579c4
SSDEEP

192:2Vs5lIsr03+cz+cw8k/w1wvqy+c+B+cW+cKrn+c7+cu+cU+cn+cw018LOXuBuLbt:sYlIcuJC/gcIBEsrn9IuVC08LOXguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
528	msedge.exe
528	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 2220	528	msedge.exe	83
PID 528 wrote to memory of 2220	528	msedge.exe	83
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2976	528	msedge.exe	84
PID 528 wrote to memory of 2984	528	msedge.exe	85
PID 528 wrote to memory of 2984	528	msedge.exe	85
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86
PID 528 wrote to memory of 2036	528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36974e1c0334c4c85613880690ff7034_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4d5a46f8,0x7ffb4d5a4708,0x7ffb4d5a4718
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1468 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15701879407683622754,2541818565187652313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
51f35eccdf576bf8dd24f55931f1a53e

SHA1
bdb0ad2ba0e895cf4127ce1bc5dfb9f576784023

SHA256
3192345a251bf8398ba014ac717bdf29b52c0bb15fdec5fa04f574238bce4fca

SHA512
7fc45e06aad2b8af639b41d48b08ea84f558d00f387911cb810a273aecc9acefe8893ce23ea259a3d8b25b72fa14b54a9aa07b89ff6a2e633d8cb36fda71325e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3331c13af5b0ada7b8a19c7db54883e6

SHA1
4dd35d8f695553a88f696f9537962fdb6247de19

SHA256
36cd6e6eb559e94f88c1c8de9015680bdedcb5fe657468236960217e7e55274b

SHA512
2f10ff8580724b5d1b79ce84ca4131d8d0ff480db877f651b4fe9964e1ce564c23aa03ded996b952a2dc2170d0a2a72aed13a5c39a93ae58291f894171b11729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
443f692a98d522d0479a68fa3e423100

SHA1
602893683aacc9f435d920207fc479555c08449f

SHA256
fa2cff894072db74fb08fc7e2dfc39c949fab4d3b39a501c47b57baec5f62dc7

SHA512
b2e97021649a00a8d65a24cc064070a0ed252e28a0c2654160a1798771bfd1916c3e5fa48ef32148fc5d828267ba9fc093fb53a210599d13b2c4a03f13ca93e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a65f059d7c49543da2e531974d03bcc

SHA1
01c180716f73762ddc9a300d9aab54afdd9a8463

SHA256
d591c423675e38db98d09ec53aa27f39243ffa6d89ee0786740777e2c57dafe0

SHA512
90e866b1614ebe547c01efb3a088da4c1f36df10ec11f0ea02f36e58393d85af911063502e42834aea084691d2c31cc6abfb94761261e5263984c1fde5749445

Download Submit