513c8ffeaf16a26db6fd13bb7d5e3cc0b7b2662f2674c07d02c43b7fb9d1faae

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3da7e2af468f23b5caa4594ca44ffc02_JaffaCakes118.html
Size

121KB
MD5

3da7e2af468f23b5caa4594ca44ffc02
SHA1

2341fab3bed25e6604d3f2c67b893ff4b303f768
SHA256

513c8ffeaf16a26db6fd13bb7d5e3cc0b7b2662f2674c07d02c43b7fb9d1faae
SHA512

b29decfba1c13fa9eccb4f06cbf5ce26b124e39c042953e34d59bb04b4bbb242c53a9a928aed74568ecf7b5c78429f01d816d56de4803fe408634fb6d1841737
SSDEEP

1536:8GhKt4Q2VX7iZJqh+P4vn9ne7KxmoLbcNIM:TKW3B2mh+b7Ki

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3076	msedge.exe
3076	msedge.exe
4244	msedge.exe
4244	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 3452	4244	msedge.exe	83
PID 4244 wrote to memory of 3452	4244	msedge.exe	83
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 4748	4244	msedge.exe	84
PID 4244 wrote to memory of 3076	4244	msedge.exe	85
PID 4244 wrote to memory of 3076	4244	msedge.exe	85
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86
PID 4244 wrote to memory of 4792	4244	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3da7e2af468f23b5caa4594ca44ffc02_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb696a46f8,0x7ffb696a4708,0x7ffb696a4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10532803514360887613,8324172985969415691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f710c64490c2a2980dbc7eb3b3194d44

SHA1
f4ba751d30222e71f5c6ee0664c66f1fbeec94b5

SHA256
61ea8bcb7ba0f75ccd21e5d0fbf7f2224e92d779f101222383d8afe05c6ba5a8

SHA512
5d9e5b6cdf89c444bdc653f8dde8e7d16d8fb81e288b4ac7a4501a197e3bb1b70f4d3b11b8f0be266eff74f260368526e527bc1396c5f0d0c4b53d876d642f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
706d9d64098a3b8f330d46a9accd9604

SHA1
e0102384247c8ed260a2d1b13b98f6ce1e2110b9

SHA256
0eeafbab7ec44a6218a2b50557983294f4fba74eb2f3979789ac4e398cb919fd

SHA512
0281fa605d2c761d7644e681728488d2ab85b963142bb62bcf2c0d2dfaf1d480f4c1c9c5a8d8f3ec7eba31535f49249d151eb774dbea82afcc9b89622725e8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c9b05934e535d92cb9bfa11ea10747e

SHA1
66e157becbe7c82d27a46e6511177655c5bb95aa

SHA256
3907562b8202a7cd866d47728928f9e05c79f431d10eff8dc29e8b92c36ba25e

SHA512
10e233de8b449fc9d6e448f9df9672a05821f01959f8afdeac5a43206236454f1d270695b94747b201d2bbcbcdf2ee9173f024e32d113bf353075dc1e2349ed0

Download Submit