c965895ac6b7c8bf790b1fee55f86829f19372194f2e83b88fda7a4c7a216848

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e3d23509bbacd5f9d2912f172a04896_JaffaCakes118.html
Size

11KB
MD5

3e3d23509bbacd5f9d2912f172a04896
SHA1

660ecc93472b28bdd9c1f46334caf3aac31d14c5
SHA256

c965895ac6b7c8bf790b1fee55f86829f19372194f2e83b88fda7a4c7a216848
SHA512

08f15c661234f68d9f4fefe37631c001659507f430585c0717defa5c3ffe12ac993e42ecf35bffa4d37baf4e76fedd7a7e1bb8000c0919f34f98e33ce7273f98
SSDEEP

192:2V6lIsr03hC8k/w1wvqyJBv6n+zR60t01JauBuLbdU8d:s6lIcuhK/gcJBv6n+zR60t0JaguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4820	msedge.exe
4820	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2056	4820	msedge.exe	83
PID 4820 wrote to memory of 2056	4820	msedge.exe	83
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4648	4820	msedge.exe	84
PID 4820 wrote to memory of 4672	4820	msedge.exe	85
PID 4820 wrote to memory of 4672	4820	msedge.exe	85
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86
PID 4820 wrote to memory of 1292	4820	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3e3d23509bbacd5f9d2912f172a04896_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8421270880927383785,16452586657574906097,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b72aea62783f80e337c38f5f3579f236

SHA1
d4da12a701541ab7b0303d7e941ce758be7b88a5

SHA256
93214e502406d0767c419ad8809f932cc28b03f7f6c7f83f88a379e9086daa54

SHA512
2a803365016aa493820868a4573d3e6237236875dfec268076514fe05c7b48a352f3503b6e4f20e67c93b2cbb096e6f5d624666406df6ad5defe1e330c32a04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb493d531efe01b67e453dbb4cf5d819

SHA1
a0aba25cc61332e9cb885e1dccd58bd80cf7de93

SHA256
e5eb81745e2f6bc57f3f888c87f47d674fc1d503a544d9bdba60ab8746b8fd50

SHA512
2cfbb33ec7c0229e716b2665034f7c0b58e687843717134dab5b9a17acd34325aea9c208aefb38a7699120fbf043119692b2a2dc5a3ac8c9ffebf7f777c914f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6564f39ab480c4d3f1a9a04f4bd78f3

SHA1
7d879ab64cf85f45b24396b955ff34fa22baaa17

SHA256
d9e49b6d00b7b5b7e0bc078ddf13cce89e679ceb9f7fd841c68bd685838d378b

SHA512
095ae444726cbd37db09aa02118675b0bcab035d7e731d98e7ad32deeeb0ff6483eb263798212aaf8fd64a3bb1d0dec76bdc57e229738b7ab39c84de9204dbe3

Download Submit