d81da8283433717e073aff48371c878c840f47bfaf2261ed7d88e6f6d85ce422

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1306d87c299e71db127168310e75d569_JaffaCakes118.html
Size

118KB
MD5

1306d87c299e71db127168310e75d569
SHA1

85bfd7dfe8b0590d0b458f974694c2d51bfefa73
SHA256

d81da8283433717e073aff48371c878c840f47bfaf2261ed7d88e6f6d85ce422
SHA512

47e546b1855e8a24bdd7da2d96df2461c2e46cf903db47b807a55cc4097acf87255196d0dbb5e5ef669b825551398f000eb96ff129f5eb9dd3fcc4eb40e4640a
SSDEEP

1536:Sn4tHxyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S4tHxyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
988	msedge.exe
988	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
988	msedge.exe
988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe
988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 2652	988	msedge.exe	84
PID 988 wrote to memory of 2652	988	msedge.exe	84
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3424	988	msedge.exe	85
PID 988 wrote to memory of 3976	988	msedge.exe	86
PID 988 wrote to memory of 3976	988	msedge.exe	86
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87
PID 988 wrote to memory of 4752	988	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1306d87c299e71db127168310e75d569_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc84fb46f8,0x7ffc84fb4708,0x7ffc84fb4718
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8993917249338653281,5421696592351465344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e25309326f3af0b1dac01eeae2b220ea

SHA1
0a543af37bb50cb9c1fa340a35a3911f90980c2a

SHA256
4b0590d6f0cc5af8730b952b0f62c845c5dabdcc4fb923287cf9452d0b3e4276

SHA512
97d2353cf93e0b7b28c8a21f82c0749fb617db967cf2c2af5bfa5b3d88e2341a5537e05d7b6d5f24af1e7d57007b4f30d1bda4f6a2358f87926b4f169135596f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db8a2fee035ff9d20c6b1a0062f8840b

SHA1
047cf5c2e72783b3810eca66ac2cb24cfabb1fc2

SHA256
2d011c034ebfada41be12dac43f2086969d5bbef6dfaee70b4c0ae12b888c368

SHA512
3f1abd4c28668a201006c7761c547e0ac708c5cf37408378a117a6dba38b8f8f7dc336bee97ed33b90225c46e76a66fcf8241c6c473f0640ec83756a39b5dfe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3ae88a2723f12af9966e6089bc70a88

SHA1
d17e99bfaafd87354f95247bcfb5e052cd9ceb6d

SHA256
3bf521e8f2c5bd015daf6591004b11b56ce026db4c92843c5aac74177af52dc0

SHA512
5dd0f5574bd2302c1b92c84b49ae1c13892900a04a1501d1709d3b805bdefadc22c23a78265dd5aa2356f1fea88e0bde28d4de8aae67373fd07cb3a11042109a

Download Submit