54a758ba07c241c492dd3d640367d7ece4de6b2bb3888e80c9e43dfe539d963a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3875a4f291d7c793b49b86175a8229c9_JaffaCakes118.html
Size

13KB
MD5

3875a4f291d7c793b49b86175a8229c9
SHA1

161b69157f43bc9c387f0b6dccbb2d1bd647c3e9
SHA256

54a758ba07c241c492dd3d640367d7ece4de6b2bb3888e80c9e43dfe539d963a
SHA512

df849bcd3f66605d104f9172cd772bbaad7854172185deb78f126de684086d462b5a113246a1a25ea361fba664e508f500f0484d7b71ca37d09b37a0aba2f63a
SSDEEP

96:vZD83PJIRcKcpKnsGz7fppYGuN5bLD1RchAqp9xbsCC6QsvX6Tsz866CsUphsmKO:0uRcCGPhOqqjNR3ZmfQgccGhcw1MW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
2724	msedge.exe
2724	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 3568	2724	msedge.exe	83
PID 2724 wrote to memory of 3568	2724	msedge.exe	83
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1080	2724	msedge.exe	84
PID 2724 wrote to memory of 1752	2724	msedge.exe	85
PID 2724 wrote to memory of 1752	2724	msedge.exe	85
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86
PID 2724 wrote to memory of 4560	2724	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3875a4f291d7c793b49b86175a8229c9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9549c46f8,0x7ff9549c4708,0x7ff9549c4718
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17017130345157335624,15600328726105789563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2f73799e1406a561659c44a098af4fd

SHA1
531208fe1ad3c510c24af7fe5a50d102e9395d94

SHA256
5864bafe1e55524606462c199ece45196dbbe115ac1d9951342ac47182b7b286

SHA512
75c5d0e6fdedafd593215fee2f15944dbcbcdd9a140518f74a82d6f18b5d7fa59e7e6ffe457856ece6dc8ad9a5a6cf9ea3df64558598ff3fd2b9bb6adc8c3613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c011fd85497d3d94f3347b8f584e534

SHA1
7540f020f4d6ee61f6e71280a627d95b3259c351

SHA256
e61b0144a355d62e54d7ac9597161653cc52e048df2696f9d5ca7a4737f905f4

SHA512
f24d37bc971168a9cdbb4d7312631109a84cf9f39e200c7db3e22d08b8329a9cec9c0b6c66ab61c478d6c45dd33030ea5f3492cc1c4d9ea6e8587d931ff7e75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f10fa1398be94381dc07b7627332c414

SHA1
70d27b75abd4c4844909b20f2dfcf6061e4ea114

SHA256
01320466b200a81029aef2e39d18aed2f59bc6d13573330e831a8fdbe6c98b0e

SHA512
e290bd9718565fa9eba65a165b04eee9255f5d8e1ed2ba8b5221d36b14e7c54c6eeecd5e8a14d933734b2292d491f2452e1901de103f75695b16cf2ef66556d2

Download Submit