7ae7c12170426b0cb8ea9f6e77a0796e041bfc7a27f049e8d99d16b88065d9f1

Analysis

max time kernel
148s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 00:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

067758e1804f5a07302d1080ba554863_JaffaCakes118.html
Size

7KB
MD5

067758e1804f5a07302d1080ba554863
SHA1

5be8a492ba79e706a43d95ee776e158e8e8f5e52
SHA256

7ae7c12170426b0cb8ea9f6e77a0796e041bfc7a27f049e8d99d16b88065d9f1
SHA512

abf049b5ca9423908b6f77b0b9d553f780d3a809e6972724b1db06e1524c74b32379ec873cc5c6e51523d9fa0a289f273cb113102ce42e4b1c618c79ff530013
SSDEEP

192:TdvR/pgB8I33ut87ikQLy3GzoMFKExjnk+WMEY:O8g33gLsGE1Exjnhd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
664	msedge.exe
664	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 1840	664	msedge.exe	84
PID 664 wrote to memory of 1840	664	msedge.exe	84
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 1908	664	msedge.exe	85
PID 664 wrote to memory of 2256	664	msedge.exe	86
PID 664 wrote to memory of 2256	664	msedge.exe	86
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87
PID 664 wrote to memory of 3944	664	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\067758e1804f5a07302d1080ba554863_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd8cff46f8,0x7ffd8cff4708,0x7ffd8cff4718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,12622471065280352266,18372301748913514705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
507B

MD5
5b769f88fad4f3d7488b93028d8ad03c

SHA1
531d7890640be1a965c218363ce4d77ae4c20e28

SHA256
8fc63682b81bba385b93dc5e4485e6e01a2dd53de5ae6c500a79ee414c869c73

SHA512
138cc6ec613297b9712890a2ee857a1b6c34be6441f13ae6d1668709067fc956044cd62b9513e36e90e5671a6357a81c193389db096e9302af616e80c2bc8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38d91a3196382b0f1f9fd2f79c09a751

SHA1
81d55069f53662fb1d65c3a84b9552c62896ea1e

SHA256
548b44a00afa5d040fddc186ac4a679fb54d799cc41fe57e2bd81ad52a675665

SHA512
4f16251aacec7a3345e8f0fc36820ccdaa2e429a58e5edfd1464d8f1c51734385276cf22dfb2eaecae9911a39a940d9f1eeac0b0ee11245903b3a3992c9ddc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0913a4683a1b437b3d3617a261d8219

SHA1
a80c977becb81c37111ebb52bf993885e322b95b

SHA256
e6290f6a21402bba25069b1d4c5a6b68f37c5ecbb5fda21b1f66e487a60ae329

SHA512
aefad4447c8df966a176cacd721513691cf8969ed63e1c9f96fe28a06e579a2466b2949ad893cd003a75c52c66d6b6691ece5a67895f0e38077766a5f2ff9652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
baa0c5d0fa44784e5082dfb5d15d13d9

SHA1
beb33a6f1a8ea1d1e266d073524d579d8e9b2e7b

SHA256
cdf5b45aada931223ab16d1953adfd13e3ca0150e0341ff154447fa97e8216b5

SHA512
c9a9cffd37ce09521b62632d7b14a855fb75536c93b35d0d1f47f31ab9b940e4f2f7803189ec173826316e0b8f33824d3c8bb2bd6c9adde9540f76e710afb649

Download Submit