852a63b396ef796e97d92ba0c733414e9549b5fcf1dc8936895339bc51219bc3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f3f69a0dc5d6ace9ddfde553a403330_JaffaCakes118.html
Size

259KB
MD5

1f3f69a0dc5d6ace9ddfde553a403330
SHA1

d080a0b55ad9e05af75e6e6959d21c4949ea6f72
SHA256

852a63b396ef796e97d92ba0c733414e9549b5fcf1dc8936895339bc51219bc3
SHA512

e2e0fb270ae05241cda2f589fd7e018ff6a635e10dca955a2bd7b557d2abee101c4451354f2129e953f524d7035d47c332ea60f6bf009b47d1d82acd17fc8ba6
SSDEEP

3072:zWCo2WAyXrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:Po57z9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
1592	msedge.exe
1592	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 3360	1592	msedge.exe	83
PID 1592 wrote to memory of 3360	1592	msedge.exe	83
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2888	1592	msedge.exe	84
PID 1592 wrote to memory of 2780	1592	msedge.exe	85
PID 1592 wrote to memory of 2780	1592	msedge.exe	85
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86
PID 1592 wrote to memory of 2600	1592	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1f3f69a0dc5d6ace9ddfde553a403330_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe071a46f8,0x7ffe071a4708,0x7ffe071a4718
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8924148313758735631,7731427204099747034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
478B

MD5
90b0ccdb8950e0b6c1cb17cc5c9b6b51

SHA1
79a6ee2b96363c8a0f783c9b9f8f87f032e3d662

SHA256
861b22b21f22ad5c5f2ed7c714b671487f1d802ddbf20fa9ec4b5a051fbf9108

SHA512
bdc35780e99e5e1329d6b70272299f5c26e57e0d86aec97860911289b34a72677473ed0aaa60d471a87add736940c6a2144575c89a4994f0fcc84d483a28d0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3799b99a52f0223911e79ce8071bc888

SHA1
b574b1eb36be57d932938c8406f5547635138017

SHA256
a2b79a44adae20b2418025ac4472ec87eb2cb41a9f9d99aab5dca23610e99f25

SHA512
5559d12a36ee55015084a693435d173ad8b3c20ecda64ccbc172c3d4d6358eaa81a712e1743775f3e46150864548525f48f46970a23dc054b8e6f94a291793cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c69da2633e4ffaf8750cf59ad89f715d

SHA1
d5fd526805e1b2693229e601512d1ffec7769615

SHA256
f9f44971a7258797343026fe137e46b2ec02a9a8159cf9b21d62aa12c00e68c0

SHA512
b07fb277d92e29cca7e4e817abe58d20006b2fbc5a5d5e5737e1741a9df3334a10f5e208c50024f00f5376dee077aba1e83fa54555730e5002c5ddbed2226e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e979fdd2f0fccbbeb348ba76d1f0b564

SHA1
22568c938966f73f2c111ce6b7460e33e5043440

SHA256
763eb9fcd3ebeb8421de76ff4080c92c732a7086f716346f359204c6385ea2fb

SHA512
60a237ed1fcc9ed955526b71f5e5874985d54cf87f33bda16ce4965c5cb95744b1f3e66cbc1ff21f685218e8e32d28bd46e46959d51116bbb41ae8a41c54a6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
267d197c3278af79b19e14050aaf4d81

SHA1
02a235d1012ecec286b006903c480c79fffbe9b6

SHA256
60f728c2bfedf319f607c109749c7eac111911e34d2bebe0eee9537161ed6232

SHA512
810d726a6f266b2e13ca9bdcf8ff16b8d4e05f5c2289e0f6a142678e1330e7d440d88b3836cd385a0baff4083e825c83642c914df5a4924a78f5a9301d119abb

Download Submit