d13e25ee63076329906455bea52f2f5bb4b9f77d9e57c4b22d5d7097e8abd148

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

384884ccbbd79c728efaeb19e81f40f1_JaffaCakes118.html
Size

11KB
MD5

384884ccbbd79c728efaeb19e81f40f1
SHA1

acbf8562068cd21743dadd7ea00dce720f7745be
SHA256

d13e25ee63076329906455bea52f2f5bb4b9f77d9e57c4b22d5d7097e8abd148
SHA512

89b8319ac420f0cd6cce57aca164ac37ad0fa37434febe099f874edd66726dcbc4fecf8be4fa2b8d5f9e0721dc406d9f2854aa34aca3334fc7f767451400169c
SSDEEP

192:2VvlIsr03k18k/w1wvqyJBvZrn+zR6R01bAuBuLbdU8d:svlIcuk3/gcJBvZrn+zR6R0bAguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4436	msedge.exe
4436	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 4460	4436	msedge.exe	83
PID 4436 wrote to memory of 4460	4436	msedge.exe	83
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 3396	4436	msedge.exe	84
PID 4436 wrote to memory of 4200	4436	msedge.exe	85
PID 4436 wrote to memory of 4200	4436	msedge.exe	85
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86
PID 4436 wrote to memory of 4900	4436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\384884ccbbd79c728efaeb19e81f40f1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd45cb46f8,0x7ffd45cb4708,0x7ffd45cb4718
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12232344699071610774,14554062166219548282,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8ef57aafe0beb8fd7a103c338db6ee6b

SHA1
d2cd905a453cc72d4cffb8ea31448b758ccb35a3

SHA256
03a4405f1896478bd3f768f53d2f8efdd0ef92d458605ba634849a56b4c69976

SHA512
6a0245d5ddcc5c3170c09cc89a2fbb2db0f7e78c2fabce8204bd91024542a0a18dbbbf8dc920b5651d682bdd07598a600d746d587c4bf379e24a469bae8c6ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f619f60ae9e13d40eb4573c1217e07e7

SHA1
aa06be2f4d092541df2ff78f362a5558c0e41b5c

SHA256
23ea7f6da4cf2805af9a09578b135e31da0164a166ebb65b6715f6dd3eeb33fc

SHA512
b3fd7023f5b5751483b57618329d713e1a444ec773cb403e9590b7e27254f9fe470418397c9a02be00c97b1928b4c9f8882137d6c275fdeb26de5f8d32b29dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
852dfb8dbe752c5c92a2474d2471f445

SHA1
b5c6a9262e9e900134616557a812f382c94984bc

SHA256
c8f502d9cabf086dfc7a6a5a8f9792ce307ba021f8c9fb9886790088cd6a1740

SHA512
5aa95495afc2a64ab8cc02879907659556ee55d0067b112de6cc845cbd9a6fec7cf94715f1568e4e0c4ed9e3b6f0a8ed8ca2e4dff56ade3ea77d0b05165a400b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56480ea7d1c26f231f8f0107dee9c5e3

SHA1
6787e86dff82b5bb3cb97478e229a889c1837aaa

SHA256
fd712fcfa771906ae3b231160910a838993575a69d00c7b7f261c7620dd429cc

SHA512
fae09c6db618b9142f7b8eb7dbe1e06efee02daa57e1388b7f05c303c8361e223bf56e933fbec5a9a68fba573751a817f5e0b9ad2d78a4598406186d58d34c2a

Download Submit