5eebd946877b7ef5952997e1da75a50436c09b8875c141daa9982986d1a38b34

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 12:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3911e080672946c14765d4f4ea457a23_JaffaCakes118.html
Size

35KB
MD5

3911e080672946c14765d4f4ea457a23
SHA1

dcca900f428241986ce6f0cf69785b284e918db8
SHA256

5eebd946877b7ef5952997e1da75a50436c09b8875c141daa9982986d1a38b34
SHA512

abb88d3c51551079ecef0971b2e6dd9f1bc3584d76937ffcb506f038e6d8cb2e38444f6a8fd487356b4aee48e24abb2f4faf5befdfac23b7f0cb7cd83418fd87
SSDEEP

768:76gfrIqADpIkkWYV4yTzwQsKhRaVrFasV73eC3Jqyzcksu//JPHK1rpvJ45SvySJ:76gfrIqADpIkkWYV4yTzwQsKhRaVrFaN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
3112	msedge.exe
3112	msedge.exe
592	identity_helper.exe
592	identity_helper.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 1592	3112	msedge.exe	83
PID 3112 wrote to memory of 1592	3112	msedge.exe	83
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 640	3112	msedge.exe	84
PID 3112 wrote to memory of 320	3112	msedge.exe	85
PID 3112 wrote to memory of 320	3112	msedge.exe	85
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86
PID 3112 wrote to memory of 2056	3112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3911e080672946c14765d4f4ea457a23_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7fff615746f8,0x7fff61574708,0x7fff61574718
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4357160861308916945,14458340639512992036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bf54e9bd098311c4fa5b7b7584feb1f

SHA1
f93f374ce872a7bc987a1b00134749d808ab625b

SHA256
604191fa86ad1d7299aaf6559b346566fc6e74190d50b375abb133b2a0342340

SHA512
c0a1eadf06530b19a1371871ab85135bc85435a028275790715b331999199f36ca7447d4ffda30a6ad39aa21397d28a84871d4324e65730a92896b760457a416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82a0f20c00e675cb56db1ff9d1354936

SHA1
766b21b26965caa65e3b4f91bd753412732b4441

SHA256
366a6febfcd6f679af88bb75f4191baa75f2f4d3829ffdf8daee7e00068c104c

SHA512
d68c621557590a77e7a7ba67b2aed4426f8f4930e8bdcac46b0473d3df2050877b95346a1de71404ce12dd4eeb1a3574a541964e277cc1ee8dc5f7bc385867f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2e1b476e9d55e4e9212d8ba9db32ff0

SHA1
a9033a05eb93fc26d8563b9a9a6fd5a3bf7bfe96

SHA256
949897ba359c7871f527608347d3135aaae2b32e0fc095b455aa89be49456ec8

SHA512
84a2b3abc943f5a71a2be4efafbcbb6302aaca42b11b72fc0e9c10bd7ce18968ccc83826cd84b98fc0e903cf6b6499affb8dd3f8289767d3bfd632114b2406bf

Download Submit