58a7c1038481e1f2c86bf629d35fedcea7d70966d6bbee4537a84abc970b9883

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35851ae9055a831806b062eee5b750bf_JaffaCakes118.html
Size

11KB
MD5

35851ae9055a831806b062eee5b750bf
SHA1

d67d13f6bd94bc4b4291872c703c537412797cdb
SHA256

58a7c1038481e1f2c86bf629d35fedcea7d70966d6bbee4537a84abc970b9883
SHA512

afebe0e02d18f4f5c591480d3e8e35cb734c0d7c288c6b67bc9540c0b1d105be473a56518781a00a882894045e515872d59b3b123fd3e39f3f3eb8c85888eda2
SSDEEP

192:2ValIsr0r57M4QxaFT8IQ/w1wvqa15LOXuBuLbdU8d:salIcIQ4QxaNQ/gg5LOXguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
2964	msedge.exe
2964	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3448	2964	msedge.exe	84
PID 2964 wrote to memory of 3448	2964	msedge.exe	84
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 4296	2964	msedge.exe	86
PID 2964 wrote to memory of 3260	2964	msedge.exe	87
PID 2964 wrote to memory of 3260	2964	msedge.exe	87
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88
PID 2964 wrote to memory of 3152	2964	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\35851ae9055a831806b062eee5b750bf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd07be46f8,0x7ffd07be4708,0x7ffd07be4718
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3088902863273307317,6168301171746876990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff73e6435cafb46262936331e0c2cae4

SHA1
82b91ddc61e12949240917d116b9e9ad4ca31bb7

SHA256
3e2fffb1fbe5a212f56393fbfc36100006642e014a66500eed3be651696536ad

SHA512
a4839c9a64334e5d6d168f4093e4e22cba3e9671bb35abb52b1c704f398c2301fc4bfa65ff68c439e3771a4c93bcff71e7794259db14b1187b1325b55f3982b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba8f829785f97b94699b54c36152ae81

SHA1
1b669b78ec0f48f192909c66a35908dcc1bdb9f0

SHA256
ec8ed1608625cdb079cea1b173c68f7cab63221181ada401c4ab2611cdd45a01

SHA512
2d0eca98dbc1ffc35481c506457742ab9b05b006890a953e176b264f50440a8bc4485e3b7937cb1159f6bbebaf5eeed07ddfc5640406fd8587bba7d8add76740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76514e0635a076ce364033861cadb6bb

SHA1
ca23208b0cbfbff092cbcd85bd8c188ad50daf0e

SHA256
34473172fb6f5669e1de7e6f8ac3f1ace60405d9dbd9cb534510056c3b818d9f

SHA512
2df4bbc593d1e91abd80d19055bb7b5bd1afc7464ea163531c8a58b32bb47f10827af8e1891ebf0e2a073fb78568cb4cb675e548c9112e8ba350685428d1e1cf

Download Submit