79a74468a32ada7457067524b0ffc40f333bc1ed44dd38600abacb6c183ef766

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

112134bdea96f00e2019cbd91b86df3e_JaffaCakes118.html
Size

214KB
MD5

112134bdea96f00e2019cbd91b86df3e
SHA1

91adb6318bac3d18fc090c2959e15b6d42340708
SHA256

79a74468a32ada7457067524b0ffc40f333bc1ed44dd38600abacb6c183ef766
SHA512

b56db51755f8797b4f7eb7f2d05266bd1cd2bf44566410d279727400ec6271cf81d640aa9dd706887f888d1afcdfd0fe441e50a1046aceb36cdc065b7cd479e0
SSDEEP

3072:MrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJW:Uz9VxLY7iAVLTBQJlW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
4264	msedge.exe
4264	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 2744	4264	msedge.exe	83
PID 4264 wrote to memory of 2744	4264	msedge.exe	83
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1112	4264	msedge.exe	84
PID 4264 wrote to memory of 1672	4264	msedge.exe	85
PID 4264 wrote to memory of 1672	4264	msedge.exe	85
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86
PID 4264 wrote to memory of 532	4264	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\112134bdea96f00e2019cbd91b86df3e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff685446f8,0x7fff68544708,0x7fff68544718
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3245593269589297314,10770187459137404623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bc7325ad93bc52869e4402724f4905c

SHA1
d15c5e18245bdc45331455d7af3c135bac3b04d2

SHA256
669f1e48c311cb9e5e18b3fdead3d086fff772686473ca695eadb0e21f392843

SHA512
c07b7c9ee579352f2437c731d160899b6fc3a53ed3fa746f3ee78910917fd9652a62a1b2bcfe6b2325572a5ab20cd732a7eecf0c4c08e178a77295f08cbc83c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b32cbca494839bf9ef4f647461dc019

SHA1
e0cc0bde42104ca464c3705dedd6b80db4955713

SHA256
36ff00a5ca877239979e2b02141610c0336e8f7cec3b8135efe9195be0f0713c

SHA512
3294ec1e03f0588b1b1cd6e65381e483abaedae79ffa53f28f7decfe41c4264c6c8f99a77752aa41b3fbc56d81461ffc956e37b4e5e28f01dd512e917d1c6d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a14e0600e077f271b50abf8bb78b51fa

SHA1
94c02f54e935c217f6465970f67b22905be9c3a3

SHA256
fe6212f1b70de331caba2a792209e236ba81d9f82e537d4e4e82a6fafc9d1a65

SHA512
d7efba9fadc3cce2d8737d91de35d3e56bb274a26cda92ca71b83b975f236a610b1910a1c81a36ab681b6afd7f92c41a89d9ba0a292dff8db3154fb09eaa141a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8345d41c0c517f19db4d0caf30a482e9

SHA1
d8ca416dcf51834d2edf712cb8422d409d4ba7da

SHA256
fcf35c07266b8234a16062eb8f1030def8689ca780793f2c00a93d2bc8712480

SHA512
eba7da463c713055166c65dbc453c16eb54a3fbf6b1a2d35cb1f992478d57e5bda1658e4f8005b1f77d02adc959db766df9c45fbfe5057e89f62f73ff9bebbbf

Download Submit