d8c30cc3a4d14e77a13730108dce55f964e139dede2e413b6186bf81d4d72bb1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38ecbfacef339b54989817914eb25142_JaffaCakes118.html
Size

11KB
MD5

38ecbfacef339b54989817914eb25142
SHA1

34abe67357ddf6ae9edf6cbfe24f74c0abc0de6c
SHA256

d8c30cc3a4d14e77a13730108dce55f964e139dede2e413b6186bf81d4d72bb1
SHA512

de05a3d1461b8f0def4576411b8cc11de2ce027dc6ac7d1f15f088ce0c85010a4948408802e363b1493dc666e5206557cfa6f53d8cd3887b8723e00241899323
SSDEEP

192:2VTlIsr038d8k/w1wvqyYBU/nNYeFht01BLOXuBuLbdU8d:sTlIcu8f/gcYBU/nNYeFht0BLOXguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
2704	msedge.exe
2704	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 5008	2704	msedge.exe	83
PID 2704 wrote to memory of 5008	2704	msedge.exe	83
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 2280	2704	msedge.exe	85
PID 2704 wrote to memory of 3092	2704	msedge.exe	86
PID 2704 wrote to memory of 3092	2704	msedge.exe	86
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87
PID 2704 wrote to memory of 332	2704	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38ecbfacef339b54989817914eb25142_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfd2d46f8,0x7ffdfd2d4708,0x7ffdfd2d4718
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2847685362880096574,1531400681499947998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ab4de8f4f39fc3c2cf2ca8eb27aabd99

SHA1
a31d74ae4d395a52d1995138886677f0363a1d43

SHA256
b22f9a32536ed8725b5adf8deec3239b7bf50783142d7a35c6ba17032475b55f

SHA512
89a59905f2ebcb77c5b84e6315d975ed30f7b850d34cd8cb3c8d260083892052a1ccd40326857a7379a45879a9cb2f94ece0a223861e5626ec3c38cd8d4befeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f268c278a896da76bb6e94147ddb19cd

SHA1
1580dee9e9b61c17551a28738c508d68bdc6fea1

SHA256
91897e2924609a84fa63a916ef6f3bd4523566efadfbb936f7ff3b6aa63be90c

SHA512
ae527309222c0cc4a2fb55d608c66a2bb121a6ebf26448e031e76ff9c013a6a920fa0b5397ae5bcc44fda38e50f68e90fbebd0631550fb90eee42d7c7d62e775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87a460d634e3ba1c77cd76c3000b82df

SHA1
4c1fdab636ac1e9677643e42aae726d06a8096a7

SHA256
74808185c1afd7c24db5cb1795f2b71114e272175ddd4306153ed8dd208e326a

SHA512
c40526383ce4aae2cd89e9d9933e320b64caa4a1a39d94cfed8a656e03ad29f6da54612d9cc8297f4746b3b52655552cfd51fd779582092b1ed4b05795a353a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
244e678cc60f73af74090e8dc1e0a574

SHA1
93e78e83cc6613edfacd50648f8888ae8f431070

SHA256
60ff05283f687df0db9ca21230f4cd8d666a714e0ef2db97a3fdcade3783dafc

SHA512
a6992538264b8e8a14ed8a26b32f35e1666f98a56f126c5aa79e1e952fe36d8a294da3b0d60251d8e80dde6540d6eac5e16a0d2d3183f49bbcfb100a3e844bcd

Download Submit