aeaf1cea74062cc9114f57f6f178004f1bc1c84720fb1fdd18ab6f2413be1628

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

228e4e97b91ac0004e4e90c586bc09dc_JaffaCakes118.html
Size

98KB
MD5

228e4e97b91ac0004e4e90c586bc09dc
SHA1

2f2d7508b821f616d0bf747c1b1d5f563e20b4e4
SHA256

aeaf1cea74062cc9114f57f6f178004f1bc1c84720fb1fdd18ab6f2413be1628
SHA512

06569daee473e4824fac330d9a8f9c5ca72bd58c49fef3f09c3f3da3956d1423ebc907f816dea418f016e15c527e02b71e81b9a47ad0e43b6aa703c5f23160b6
SSDEEP

1536:v9MWHYDp4sSJ/3OJ3PiBPErTu4ER7rXEwpXbqLMb:mrhkswp2LM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
1148	msedge.exe
1148	msedge.exe
2056	msedge.exe
2056	msedge.exe
2056	msedge.exe
2056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 5072	1148	msedge.exe	83
PID 1148 wrote to memory of 5072	1148	msedge.exe	83
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 4244	1148	msedge.exe	84
PID 1148 wrote to memory of 968	1148	msedge.exe	85
PID 1148 wrote to memory of 968	1148	msedge.exe	85
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86
PID 1148 wrote to memory of 4836	1148	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\228e4e97b91ac0004e4e90c586bc09dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc041c46f8,0x7ffc041c4708,0x7ffc041c4718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,339123488534056089,5878219875789981838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
559B

MD5
c486634d9ce71f7b439e0b211c5e19c3

SHA1
b2259e370809ad20d5367bc4714a776b4af0e30b

SHA256
b13d429b677eef02ecdf96999d90eb6d08cadc0af8c16199dc97d13b508c8ca0

SHA512
ef45855ecd5dc39b7b2c4174814759876e92d363af41df82deb14bc75629187db0c641382037543fe6a9653ac58a2ec62a8d6312d4c40cc5565d5935466f8210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
559B

MD5
80645b6bb5ccb33e0c84bfebe7a17d2e

SHA1
f7211462507c07b20fda564de90c23120f30df86

SHA256
c52df8f303a02f0624e0740defc93811da3f6a9c365403dd442f52952ef7e18f

SHA512
c80028b078042b71417930229bdf693939335062a32e7665f36ae3a061c94e249bdf4f1d43e31278cbd7728325b374a49d1ea983b9b31cd1e626a6a56d0ff3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e20bc0c71ae3881ba91183559a49982

SHA1
982bc758b941a5aafa3440920fe0c8f033f3d096

SHA256
487596a2ed81452acd5eff6b8289e31e428d31d427e62dc0b7ef8ec4e82ad6d9

SHA512
66507a5d94f260c4cb329a8945f7cca40a0549f462cf5115cea7b226b0279a0579d1e47c37844f67067eae223eeff9d6e09baa07d98268b95721550b73baf5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77dd8ed3d772182867afe776574de507

SHA1
1a1d2b7a9bf076e651e2b6c0a2a029486835e69d

SHA256
7cd2f3918743c5fc0b6fe2bfc2757f93c0061f9372dc612ab19a7719641d5e03

SHA512
ac555cc499ad80d7a79e00928c552c6e91173eb65aba44a29afe725e020a215fb2e6d10061ee9974f8aae8cec95c7ce3d805954590abeb20c637c99a82b3a517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53bd12126333c90f66e1c7fc309b7e4d

SHA1
19b4136bb6b10bb7789ff5ef5950a7b9494c3288

SHA256
1a2541d7ba60b9b8d3d4793f8c6963fb766fd644c8e0de816f64ae5ccf156586

SHA512
2eaa6f29f9a7ac52ce9dd4dd7148a92ef310863d27c8c9d640de6d110099759fec07e0031b7365222949aa8451754805a9c6630efd313f7fb7d4e3504825cb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6c31d06cf5dcd12920187e2f21ab5434

SHA1
54ed54b1fd43e5487cb25185d51f793d52ebe4df

SHA256
b8380395846da0402ad84ee144fa33127515807b0764884b82f1e43802859817

SHA512
ed3a7f0987ba28d9386c55699d8f44d72d8db71a1eaa536cb5dea7919bda83b5b01f73febea0361318ffb615bc7be0baa96a7ca3504abb2d6db33664ea462d06

Download Submit