59420188d16164eddb0f45a6f3fc3dd7d29dfc5e12bb817a4481e3a8ac9b5dfd

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 22:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36ab489e985ef038b4e264c712d5b85f_JaffaCakes118.html
Size

194KB
MD5

36ab489e985ef038b4e264c712d5b85f
SHA1

50d481aa5873661670fb5be1c1c790bd2d9c7290
SHA256

59420188d16164eddb0f45a6f3fc3dd7d29dfc5e12bb817a4481e3a8ac9b5dfd
SHA512

4dd2860407649dcfbb3c4db0a220f41f77dc26349564f44b04692ba5432939348545e8e6f998787f4b4bc9563844bf623b8fe069781360ac4cfd7e96df64f13e
SSDEEP

1536:lrq33rZjl+PIRKySfXv2kLzgGh5OC5dYY4:lrqn9p+PiKySfOkgGvOC5df4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
3356	msedge.exe
3356	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 364	3356	msedge.exe	83
PID 3356 wrote to memory of 364	3356	msedge.exe	83
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 3312	3356	msedge.exe	84
PID 3356 wrote to memory of 1112	3356	msedge.exe	85
PID 3356 wrote to memory of 1112	3356	msedge.exe	85
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86
PID 3356 wrote to memory of 3464	3356	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36ab489e985ef038b4e264c712d5b85f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc43046f8,0x7ffcc4304708,0x7ffcc4304718
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8200141379037200706,15718591145587957564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e035a16017b9385bf16e7a915f7a2669

SHA1
916c21e2556d550e342f3428ff0c7fa6a7655969

SHA256
df3a6fcf4921fb40b1c3222e20e24dede3983a3de42d345943f9bd61eb885907

SHA512
178443fd63b5427f7af842f1ec59163c3ce482467b66a0a43984dca4970807cf1db5419fa6adaa405115d10751825ed87b31d9e1a20fe47e7ba78e42a89d8968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
901b4b9ddf619986275edd11350b0f3e

SHA1
9ba13a092c80a69655985b27a277a280ae9259b0

SHA256
85638d97fe63f468c0f3fe49fb3ae8c1c64c0d6f865343b491c42acb4364d5a6

SHA512
c342819c0b73270d48b660ad8d954f8e9ec039f70c88f0b6a2743b972e5a0804e61d0ec1199b69886abf919b913a1306417ba5fdb8b1e523a03fa91322f1fbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1ecfebf625c00783a9871b25917f4c4f

SHA1
96187a9565486d1d1a8e3034c9f3e49e3499f0ee

SHA256
f09888eb54e85ecc7c56b41d2ac84c1768123b286bead352e919b9ed94e21121

SHA512
c60dcdf4d91159552f007e2724c3c67ff6adc0856f6c05ea1e2d3f14c14eb8f3003629c3e9a65ca99618a51d02619edd235943c1279f3ebf5e3f24b3ed1e5573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c12999e4a970f44f2a8fca8cb60a7e41

SHA1
7e625e89a8842f45c78a3518607943bd432c1c8c

SHA256
15d1f3aa9b3d93272b0e1f985af361106460ca5e07ff4001c75fe29c4b962d7b

SHA512
4a40ffb173b0ec3964bb8d25e12c6f4ec6b874118bedddc4538b53251ebb7fae833dedd4e6924505455c23a34a7957c18862e3aa0742917bfa8da561d3bced0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff494894-36b0-4364-acdd-cb4b3b5d4c4f.tmp

Filesize
6KB

MD5
2e00beb9152a7097ca0e03294e945323

SHA1
0b0b3a9fa628b094fcc82d2074ca500f5198303f

SHA256
2cbbb9e30d3f519281f64f4f1b839ef08ab1fff13a8e8c7a86178a6f55234c4d

SHA512
592313fce37a90839257c6e94b674664c863a32845cb09e8700b3352da8a2cf608dfc7e1c1c48e53c9467147b878f17ac47c4090e0db0b5b1654e1ad71354fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d890052feb556bbd9bfb5c0d258c5279

SHA1
b38e83961ca4476da875c6dc0319d730eaab2a7a

SHA256
1b6a62ea2ebb01bf499cb9c3670786e00ae897ed45478a77e1aee0c625a0e94b

SHA512
1e0b5a34913fa68c4061fc81918beca93322e6495926fa29f5acf9f2132a91a4843ecf64f9eed846573ec5e71a3c75295840e7d2ea187238f6d6765a9f57574d

Download Submit