8da6c72d51415338c58f456e8e94becbb1e4f04d7d2a1a834f36a7ee050d9ed5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ae468df5c2d1f52240160d9b4f13aab_JaffaCakes118.html
Size

322KB
MD5

3ae468df5c2d1f52240160d9b4f13aab
SHA1

3ef9dcf28641c3f6c1c42eaa47bc81935701a0ff
SHA256

8da6c72d51415338c58f456e8e94becbb1e4f04d7d2a1a834f36a7ee050d9ed5
SHA512

4450705c5f737d558a6b99e8c8af0baae32772eefc459c428fcb413e5587b2267a4271bea3f51753cb14736899f988bff6df042870e748f2a272e5395cd6fb57
SSDEEP

1536:NYesgov0R+0uayX2w4AKN3aD6frTCQ3QhV5izYf4hDVZ2ieJnsqaYIrZf1EAYXU9:NNkT2DAyGOQpiEGxneJSwSVR2TtZw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
2856	msedge.exe
2856	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe
2856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 820	2856	msedge.exe	83
PID 2856 wrote to memory of 820	2856	msedge.exe	83
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3528	2856	msedge.exe	85
PID 2856 wrote to memory of 3212	2856	msedge.exe	86
PID 2856 wrote to memory of 3212	2856	msedge.exe	86
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87
PID 2856 wrote to memory of 4232	2856	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ae468df5c2d1f52240160d9b4f13aab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd1f746f8,0x7ffdd1f74708,0x7ffdd1f74718
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8594519002344623476,4835091432632298892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
33772ffad55cb8bdb2029e29f35f882e

SHA1
6f2be043098125caaa325aaf0826e1d2ae61d4c1

SHA256
cf8435496530f7048a0f4fcfbac6b8df31d73e510f6ec2914da9957a49ad6d2c

SHA512
f65ceeaa79602c7b43adba588317c501675f90437f4e8dbbf30788d969ce22008aa662163800dbece7a9661a1ae314e979819368630e9317b1fe729a6b7df78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a2e1547ed3437f43d2477747ea76ffe5

SHA1
b31932fa9468e61043a4c0c433ec0cee3800bb4c

SHA256
b21b2fb6ee3fbe52aadd71f9440cf1523390eb8cc6f21b92e3830961a412992f

SHA512
8134f4645ca5a569c22f613f528b3a77edae154dff2b9395f381c466f788030d20af3d3140c78cea2ac9d8154f7fa5085f5ac5bae9ae81a0d8aa05d18592f222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5252a01af687cfaf7f9378caa18ea81d

SHA1
67221574e84635023c33c13f2f4d0543e7caf68b

SHA256
d2c76f8386a68206942bfeb110288cac82173f64942f2ed8fbfb59dddc22023c

SHA512
2d86ea691e6e65cceb488dd598df2c6ee8886f5b92c427cc87e6f8861810a689f3db8705d2c3f17412c2dbbf8204835d5bb3fc190296889602b13fd37f9e9727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
301239a5a84942f06d8ee7c88134caf3

SHA1
87fa79a33e33f1e54d617c1975692bf78e3224a0

SHA256
d094d52dad8b02cf97b6585a1fd1465aececbffcfa93bffd10d792cf75633d14

SHA512
0fdbb23eebfae68b9449c4ae5a7981fdf5fc5398a7f2852859b7c907338d370df0bc277464680f25bd27179ed9daff22e8edc8934a62fe7f330b0afc43ef9305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f28ecdd1731dfaf6a434916a76eea852

SHA1
dcfb6d1ac1e92628abe12f95c0cd617bd33493c7

SHA256
88e4723b0fdb867cd32fd3da7ecbb768eeccfa5500c3a91af5708318da31587c

SHA512
c336f2816255a6e3044ed9cd1e54230a0f4a8aa5752575850ab998b401d2dd6c382921e00354132de26b262f2115e6f3bb1318aa126f4830c77c4da1ddca9207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82ee769504585403a0ff74381b04ba26

SHA1
ed0c37630298343c396d0a28c21e346bf6a870cc

SHA256
f4c634e00eaf34bf3fd59bf0246248b99b446a8ca2d66cc58e9a5f31750e0b42

SHA512
1ac2d8276bd224509a2fd57ba3b9a66b13abc1392eeeb71d86cccdbf0a73e32998729cfbf42ebd1dec0aa1c2e51c212ba7e6e593e59c6f976f2a97f8eeee4b5b

Download Submit