4822b9a40f2925a9c73ec63a2bec5796bf220753f067d7566790cb2e3df83c50

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

235696b874d1e80f70a7fb470322b2b2_JaffaCakes118.html
Size

214KB
MD5

235696b874d1e80f70a7fb470322b2b2
SHA1

28cb1a01b923791601e797e10167e230d05b56c3
SHA256

4822b9a40f2925a9c73ec63a2bec5796bf220753f067d7566790cb2e3df83c50
SHA512

f0de08dd1c04081576a5fc7b7d81b4af8c462bfb4dda1ed95b77e25507a81be1b1dff30c0e02dcf732b67cedd72101ffeaa87312a63b0112024bad5f7675e3ba
SSDEEP

3072:+rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJC:Gz9VxLY7iAVLTBQJlC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
2848	msedge.exe
2848	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 3672	2848	msedge.exe	84
PID 2848 wrote to memory of 3672	2848	msedge.exe	84
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 316	2848	msedge.exe	85
PID 2848 wrote to memory of 4012	2848	msedge.exe	86
PID 2848 wrote to memory of 4012	2848	msedge.exe	86
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87
PID 2848 wrote to memory of 3364	2848	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\235696b874d1e80f70a7fb470322b2b2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffd37b946f8,0x7ffd37b94708,0x7ffd37b94718
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9589290454741187548,7076203871914542267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
01ca03242ac979dcd87466f0a2fe13b9

SHA1
85dc0c7104fae0efe4588b166fa2551c244f889b

SHA256
f9119795d1cd8f9e07e9021fbd1d7ae180765aa0445b0b201e6fcf9607e2acb1

SHA512
c1707e527ca6427a432c13cf825be761cc856638b9a8866dce90df98a1ace5cdfc841c7e4f362018a51ac34ac61a63c91805964e5f532c664cf67bb377d06039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbd1b3e0b6fe15c5414455d352f1a98f

SHA1
41c9078ba958cbcf079087af853b33d232bd8a76

SHA256
813c402ca0e0cfdb587ebac17a3041b64c721c632934cbc01f814ae48f5bd654

SHA512
bf5ed9e20da6e750050ae92070c181bd2c279bfa0ea323820424451edcb9887dbba2182617b32ad55b0675d1ad0600b84b764f56cbdf0b8885aa889930ac5c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7378d8bd0a9593970dbada5baae17bc2

SHA1
d4596cd6451378e1da9e7c7468266d895d77125a

SHA256
9e20c3083ba5e244c89a6443b615858806fceec4f75626a4653525d1687a235b

SHA512
184d0681d17bddeb81d9f1aec3b58e53348de3965abc328eb467de645367eb02848dac1bfd2d47a4699c3601a65fdbf3e314e52b43df0ab0ce772ecc408f133d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a10966bf210d4a2c1c990f2bcd39909a

SHA1
5b0707c39df7078d3ebca1da287d0dd0e24a83b8

SHA256
9f17c8c03377294795ceadb46bba950c00e16ff77077d7b22e223a6173ad5b60

SHA512
6a35b5cb1e8a745f75837d5d2a0aa640649f46b992b27ecc6e4a23f7993774b0d7ede707b4996c0d20cd6be9545e61260d6333408a42025c0107adedef57411d

Download Submit
\??\pipe\LOCAL\crashpad_2848_WILVNWKMXODGZNCV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit