b96b031346564bbd5f916470a5f07b3dfe254c4a9c97fbf0e77fbf90b1ab0075

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10949a9100b0f13dca5aa16ff8db92b7_JaffaCakes118.html
Size

140KB
MD5

10949a9100b0f13dca5aa16ff8db92b7
SHA1

91fb1192afb95dc6c824bc8949eec9374b36d4bf
SHA256

b96b031346564bbd5f916470a5f07b3dfe254c4a9c97fbf0e77fbf90b1ab0075
SHA512

b616f91f23aca6c2d99b6e5de6605fafb2ecc1f432a96b1f9613efab713f5538f13f49e35231e0ceb472008fdde19075cd62023c246e3c8fb0b138edbe9b0e7c
SSDEEP

1536:ScRTOTJGlGInyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:ScETFInyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
888	msedge.exe
888	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
888	msedge.exe
888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 5064	888	msedge.exe	83
PID 888 wrote to memory of 5064	888	msedge.exe	83
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 5008	888	msedge.exe	84
PID 888 wrote to memory of 2816	888	msedge.exe	85
PID 888 wrote to memory of 2816	888	msedge.exe	85
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86
PID 888 wrote to memory of 4372	888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10949a9100b0f13dca5aa16ff8db92b7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88c4c46f8,0x7ff88c4c4708,0x7ff88c4c4718
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2933861104080225486,10082710660858990238,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5970f6256ebe3e516c8b584ee1237753

SHA1
76b0f388e5dad4c889e0d142de188c23eb6c9f19

SHA256
4d356c64276d00e1769388e609a3b547595ce41876d5d95f8c896f2401394458

SHA512
410cb25431bac03701782294370d64a219d70bee4a61cb1f3ea701179a80b1c766840fdb960a7773141d61b34bac1d2537b54e2b7fa696f84c632c194d4f9537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3911b97a30695e680cbce3ca99bc7e3c

SHA1
0069805cfbf6f020e33bffc1477ee780c078e3c3

SHA256
4b2e67c50339703ad185d9684076784bb831a14359a355fc34c10a1bca0fa677

SHA512
984a65950dae91d1dd45a02096aaa18dec015a384e6db35ae327bb39e6a1e2e0ca0955510d1cd7529379ae34f4fde72105dfce1a1fcc1e2de7d83bd9b7e6b6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc9aad518f95ef27f527fc45cc06fcf8

SHA1
7be6d9f48072adc80e8de214374f6cda3b8087b5

SHA256
63a2e7a965696792b5bc80b05cd0513266c354453da04668ac2a37ec211af277

SHA512
e6f8e2aceb08efbab8d694c2ee928d8db542a14ea22d27f80fddae751ddf6bfb36469ce62db9f3ba870dd313b615f387d160ee0bd03522d330795fabff28a188

Download Submit