36a4d92d574d2de5f61044e6a5555d57ff0192092f60f82a6de58ac06162ab1c

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c598d779de4bb72cf7c6a3b95a6d863_JaffaCakes118.html
Size

35KB
MD5

3c598d779de4bb72cf7c6a3b95a6d863
SHA1

166483e91fa9bffe2b40e2f484d7fcccacfc51fc
SHA256

36a4d92d574d2de5f61044e6a5555d57ff0192092f60f82a6de58ac06162ab1c
SHA512

e4752772b86ec37b81424f8d0a68e2ff7fbf6a033f40853224c7d64483d97f087a747648a7009f750086c86d1c33129fceadfcbff96d3a749fbac1d3300b61e0
SSDEEP

384:uQuNnd55Mp3ynCZnaIOQuNnd55Mp3ynCZnaCyRLu4WizkIVQuNnd55Mp3ynCZnau:qxH2AkUAo8wNEXY9pIi7sb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
4792	msedge.exe
4792	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 5072	4792	msedge.exe	83
PID 4792 wrote to memory of 5072	4792	msedge.exe	83
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 3308	4792	msedge.exe	84
PID 4792 wrote to memory of 2796	4792	msedge.exe	85
PID 4792 wrote to memory of 2796	4792	msedge.exe	85
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86
PID 4792 wrote to memory of 2324	4792	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c598d779de4bb72cf7c6a3b95a6d863_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6b9446f8,0x7fff6b944708,0x7fff6b944718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6196780094093674782,11955354042395216834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\38d5fdfb-199d-475d-966b-92cd541454eb.tmp

Filesize
11KB

MD5
092dc6f9f58ae1d49ad15f708d09df27

SHA1
e0eb35f63b0aed5da68eaa6763b2892c11e75b8f

SHA256
a754bf436b1c991047bc1c6e099f21774c56c2ff8da0b21a0606fe63ee83baaf

SHA512
3ec59c02fc2ee0964fb4357b37a42bac6a9f9bfc4f4d61ff5e9da065b4abf881f41f22afa30c1b2c5d73ba7c6b0c34cf7092ca646072a57816948dd2785952f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
268B

MD5
eaf77b584cddea2eb0f910e4decfe0cb

SHA1
47e987c761754eac186931f4b82666bebc940624

SHA256
cdb3c722341fc28662b9fff7dba363500a36a5346b284cf87f46c46dadd9446e

SHA512
f3355e7b199ef6cbcd2c63d14a73e71408c106f9f556e7a012f644c86d6202fc44aae6162d269e54fe8e8d96adac2ecf343179402c35386b5ffc760110760f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f639b1e2082dc11f0bf21cfc4627d14e

SHA1
3c65f9f938146540d79681c4c7e158db08c4b98f

SHA256
81cff7695754622c58ff6e6eec0eec40d45decbbc13028db6464189eaf61ffe7

SHA512
4275ea0f882ee614d853bf5f6ccbeba44f175447a45d93bedbf0d023557324169dd14e46cb76a8fd51015c0accb79cfe9b24c4d862e0ff246b6c0f7b4d2253da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd1fd0b3fcdd4c4d0a7ea02f7ac602f8

SHA1
8cb74c9e5905213412650e86e0e7940e56965979

SHA256
b667ee2606233b384bece6160dd001532e3678d3358152c419e509c5b2a63f1f

SHA512
836586a3a5fa4b7881352bf93b015516c00e21036767bc1f8bb2eb12722bc40362227d239fa042ca3f998724638cdf955923d71d50876bdd4df2ca5805085f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f34eee63f4f75f7e0ada238e5f87b283

SHA1
cf0eba6f375ead0192d487e8d4dd677c4325e53b

SHA256
c5e3e4a232d55806d2286c0432c3858ae4b820f6cd8c1403d0fff00dc0cbb697

SHA512
86f9bada45df83bb92ded0cb982714691c303fa4921dc0cdb752709e5867e149753558b7a2c6fc477adca37d82b1b6930c9e4f8d46ad7822d6b4e7ca246746a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit