d743f378e14b0ca0dba5145d386335f92033291ffca3e1772143f23ff0b00dd2

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35d778d681c109ba53034b7081758bf8_JaffaCakes118.html
Size

116KB
MD5

35d778d681c109ba53034b7081758bf8
SHA1

0a3824b88d4af16670b8bbac0934c36fbde63f63
SHA256

d743f378e14b0ca0dba5145d386335f92033291ffca3e1772143f23ff0b00dd2
SHA512

fddfa251427a2baf6f7dec41f2a95712623e57b7597ba78521983ac74dd2e7c163c406a031ddb806f9047392ea66849e632f10e48da552f885e7bb0a5b359509
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fc22nHAeuLAQeFx8vOtcZDK+4mp:safuLK8i6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
3440	msedge.exe
3440	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 4928	3440	msedge.exe	83
PID 3440 wrote to memory of 4928	3440	msedge.exe	83
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 3056	3440	msedge.exe	84
PID 3440 wrote to memory of 2448	3440	msedge.exe	85
PID 3440 wrote to memory of 2448	3440	msedge.exe	85
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86
PID 3440 wrote to memory of 3760	3440	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\35d778d681c109ba53034b7081758bf8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91d1546f8,0x7ff91d154708,0x7ff91d154718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2645057766003831782,10799699052626979830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ef114995035845984bd37d92bee3e76

SHA1
1e5dea450c1d990d399a80259ce78f4dc7c8bc80

SHA256
4b426071c08699e3cd361cf10589063025da8c2af1124c578fcc594406c55430

SHA512
a1e4208909eed32e4fd9afcb11d8d9cdbf618148811feb55b787068fc8d77e28af6e9e84fb71d20c93f74dd33c51b67ce92f0037daf60b53bc187ee69dd15df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ec07a6791fce5f8ffd40077dff386b5

SHA1
6fd62808062c4a9114612b9dd3c5d3252fcc1faf

SHA256
5e97fe001a1c36dc38a588b41b49bf780e7809f0edcce4ed4e6583b009095bb5

SHA512
e04e58f251fc873adb72b7dede8a83002a8d095983087c97357b603b997167fd40d23a4544f65436c5a9262704aa60f8ffad296aaee0e822b0fe6980da6145e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
498dc4031a4089224bd9dd27af52b64d

SHA1
9374a897446c5ff7bf83c56925e91b8dc6b7bdad

SHA256
575e6e809d950c5494c2ed2cb7c715bad354b01dafc518499e6b48682cc7488d

SHA512
a8103cb6bf2874508e31c447677d2a2632483d10fd40c6d1689406a3d48dd9c5df281a4a73c1c7d94a6170edf58efe50dc2cae8a3089d8d00bb40cb0fb66fbc2

Download Submit