56e0123e161768259869538dd48250b32a5ab6240a3b3c84bb7f61ea26089f77

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f02b890aba7f62a71f6d2018e0ae928_JaffaCakes118.html
Size

31KB
MD5

1f02b890aba7f62a71f6d2018e0ae928
SHA1

4e70ac019a352f8f6980a39b365a9549e39868c3
SHA256

56e0123e161768259869538dd48250b32a5ab6240a3b3c84bb7f61ea26089f77
SHA512

764d9c6b09256ae0aa77afee3ebfc5edc759207153948497765d823d675d40a4c13e7b298044924bddff11b739e7854029a63871758ed52af4fd23ff9cbe6dcc
SSDEEP

384:KwzW9c7iuo4Oz1BGdj4vk8knZp3GsoiQT94g:bOJfz+26QTOg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
2940	msedge.exe
2940	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 1452	2940	msedge.exe	84
PID 2940 wrote to memory of 1452	2940	msedge.exe	84
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 3824	2940	msedge.exe	85
PID 2940 wrote to memory of 4692	2940	msedge.exe	86
PID 2940 wrote to memory of 4692	2940	msedge.exe	86
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87
PID 2940 wrote to memory of 4876	2940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1f02b890aba7f62a71f6d2018e0ae928_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9ed46f8,0x7ffcd9ed4708,0x7ffcd9ed4718
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14047992755768585151,6095747328234735481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
335B

MD5
6cea10b157b74b6ced47c4cb5bbc962b

SHA1
17271f01db8d0e312f97d386d495a0955eae3aef

SHA256
9328ea133c0afa12fdc608bd1cdb8251036b7c0d3f235e29d9500279f01916f5

SHA512
95c2fbbb530323a755d515009fd32cf98e288c04d5059ced6c4f9a67d53d120cc7a789642e0b48a2b2781cdfa904afbd9f05d07320836d86f049c0108cce8be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12e4d02c04320f66b17be2228320db2c

SHA1
fb5defc9054670a456e1110f0467d21b97c283d0

SHA256
d0a7470d3acb57e07a2501b74980c94e7fce5457a6ce58af80de39cc2305e39a

SHA512
cd462087ac469b9af652620b95883ac880203448dda4c9aebdd742b926c0eb12f31ee316329850ed0e092cfaad8c66e9e6207600e46c362f4fc5400f7243381f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c4cdc5a4fcfb1047af64111317eddbe

SHA1
e1755d0a51ab15cc481bec8ca6a90c261340bd21

SHA256
2c49770996814da164a25acef18501760a99ae4729e178f337701564b4339af2

SHA512
fd0aa545351f093386948f5d236abbd5c2f89be04378104da896ce44cd2c63d88f111a1f033793c984ee5c3765c010e6d1b7a41ee694852a45e24c87143b5491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bcb84117baf919ab59100c59e8820c1

SHA1
e1cb8c9e811ef1c9e86bc522eb2dff82d19e52e9

SHA256
54a76c025ca65b31c118ce1cd8f780d6ccd8b54bc7dc286ef277456576bb7cdb

SHA512
be5027508980fadc4a5d5b247c0197202cd22e4ebaa0d7cb46f8e219db90827e6825ee88354d6a0381ca576a1213c1c6f3af4993e7c27f69ab1c37896b27493a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92180916a282c2ea3454820a48b5eba6

SHA1
929d40ee4f041ea73d2adf91ad69cecec9f4974a

SHA256
40f2bf0277e2b077784d817f2e608bb34f002c9c37b636f2119d65e5a3eaaca6

SHA512
708c024d3e2ba00b7d0e72a09ee374c97fcff5a83e1230ff95ebd0d79050dec5e4f4920c079bea62d4fca5ff105a2b5bff31449bfd4bc3f7c617a414941b0b87

Download Submit