4368cb8d4a06b717d8f0979f1bf6000ad6f69b73c599509ebd363438c410a620

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a7bc6f933c21b9ed4ee822ee5dee009_JaffaCakes118.html
Size

11KB
MD5

3a7bc6f933c21b9ed4ee822ee5dee009
SHA1

a8ccf06fb53b7719c8a1b828d40860bd63028854
SHA256

4368cb8d4a06b717d8f0979f1bf6000ad6f69b73c599509ebd363438c410a620
SHA512

f9ecd3be4221ee0a282cc22d5ab956424c2dac8cb63bb87c88bb2a8d04417b255f9ca8e5186120781309f5ce67c609b8c7950cc7398b281c2e6f1404f84cf5b2
SSDEEP

192:2ValIsr0r57MCxhT8a/w1wvqa18LOXuBuLbdU8d:salIcIQCxv/gg8LOXguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
932	msedge.exe
932	msedge.exe
1520	identity_helper.exe
1520	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 1612	932	msedge.exe	83
PID 932 wrote to memory of 1612	932	msedge.exe	83
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4432	932	msedge.exe	84
PID 932 wrote to memory of 4248	932	msedge.exe	85
PID 932 wrote to memory of 4248	932	msedge.exe	85
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86
PID 932 wrote to memory of 3420	932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a7bc6f933c21b9ed4ee822ee5dee009_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab7d146f8,0x7ffab7d14708,0x7ffab7d14718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10971933652606948689,15690876861753619571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b2b88460f1452e5995238d32c85bf238

SHA1
f161ed1b8d3b93715f3a9075f38c55e1fb006f24

SHA256
d1370367b9bc1c090636b12838d290dfd1fa3d16053de66b06539bff1a310397

SHA512
5d258dd83154065c957e586e882c78e81a6196cb6035ea8b2bab173fee531d5fef90e8b80828883aa1064581597b376323aa64f03b16cf55674879d611838c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ed3563b8ae5aa351c0e3159b305c3c4

SHA1
e933d485c7a906557c82189dbf5feca1e667c91d

SHA256
95404a64b4f1c7b3d65c6ce237a7a71c10c165d60fffcd39c134e7a7b316ac9d

SHA512
cc3794155f1b9bd0017ec05c5d5f99114d8664e1ee89325a4f4e993d4203cc6c83962ee65892c902a8fb8b15e91556d28430cfb0b63f650bad03df75499b2db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a81b6767ac799e8ea914bc6c5eb54e24

SHA1
e59ad51c1f56cf3d7a84560e2fb2ea02df92511e

SHA256
7c9285783b7d3d82858ce5bee06ec64613764e8f45c864d295dd462779b6f993

SHA512
76ea89d8828a6866a452b217352bc777417def031c9d15419a622019c9814bac11832ba390946030777fe24b3d0c7a5d2a85fe31fb20b554995650c00625f182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1a3bf380eafde1987f1a1c4fe7fa94e

SHA1
e9cdff78cb2b6cd3a7fd3999eb8ff8c85225ca79

SHA256
6e439abfa1286dc64e6fe189bb7e32a7ea644a5ed08a3d76563c97d5080755a8

SHA512
18e39d0afb8fa003ffd024bbfc22fa085222c6e1b9ed99d5625077f8344329340aac5f6e8ba7cfc9b44c14b4a149826596ac5e8f182af564d0ebb1768d8e01ff

Download Submit