b96913a583c50e6b102da984b4def546413db119374885b864d57a4c0fbda90d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

212eecbd9735ca53b989ad926cd368d1_JaffaCakes118.html
Size

151KB
MD5

212eecbd9735ca53b989ad926cd368d1
SHA1

fd6596b67ca43338aa5584f1bed5b1ab11c24e1f
SHA256

b96913a583c50e6b102da984b4def546413db119374885b864d57a4c0fbda90d
SHA512

8d62afe3ed4ce1aa01c72f76b6df23dba9e9459cc2a0273cc6c201169149b5c46bbb8c81d7fdb45f8d36ada9be4aa9ffbff6dc479eb4475033a9e7f8eb4cbcd0
SSDEEP

3072:StfDzzPdEyfkMY+BES09JXAnyrZalI+YQ:St7zzPdJsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2440	msedge.exe
2440	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 3556	2440	msedge.exe	83
PID 2440 wrote to memory of 3556	2440	msedge.exe	83
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2284	2440	msedge.exe	84
PID 2440 wrote to memory of 2680	2440	msedge.exe	85
PID 2440 wrote to memory of 2680	2440	msedge.exe	85
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86
PID 2440 wrote to memory of 3632	2440	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\212eecbd9735ca53b989ad926cd368d1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb83446f8,0x7ffeb8344708,0x7ffeb8344718
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5858351734524640831,7468551243050284800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9dc60aef38e7832217e7fa02d6f0d9f6

SHA1
4f8539dc7d5739b36fe976a932338f459d066db6

SHA256
8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

SHA512
18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ac03b15b68af2d5cb5c8063057cc83e

SHA1
9b2d4db737f57322ff5c4bbddd765b3177f930ab

SHA256
b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

SHA512
a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd411162c40bec5c1735096e06b2e058

SHA1
4206070b309edf00a50f47f84e8c37dbc5d341e7

SHA256
fe973b3c41f8d84576d0c0805b43790da49983815e7d17bc44b3b5a2b6c87d47

SHA512
c70191a23c05a63ae77ca07b41ceafce7140e14986746e509528325b244573dba29c76c0ce52c5b5c14bfe4c20e08716a9464b81b40b2af02f786e4fa49302ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afce7f20faf0b6a75942abf461567128

SHA1
57e77e39c1da09324332387c7e4fe6cbbef773d7

SHA256
a3c37880ef0f4bc6c2f2c2814656902f484a555f68e0bccab42f8cb07335cc4e

SHA512
5f94f0403e26bb5101ac02f65aef2f60126dde04b6b6c4bffbb96f19dbcb0e6d818d8d08284d3090b35c65476f7d77a60d72a3af5577e13b054dc83af49a4d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
302876663f48ce602a2011a0200dc9e1

SHA1
a177059dfe8dc04cddb1ce576310a09725d39e7d

SHA256
e234c3ccefc2b8e67905a44c4664b0924b8cbfa3e1eed9674b18205284511965

SHA512
74f3514a6a3b6f7b942b43dab56aeff42ac752edde4a15d31ad942237d07caf4d24c088d13a4f4324dff169fb97e0a93d17991b659fd79739d6b289ad7bd60ac

Download Submit