9f7d81121ed3f7dba66e108f5423b21388e647c399caaa2bcebb3f202502412c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23afe7a222b737f03fa3b607a4b1ed51_JaffaCakes118.html
Size

18KB
MD5

23afe7a222b737f03fa3b607a4b1ed51
SHA1

7794f5fe77da1363eb1b6f89b37c92e41e3e41f5
SHA256

9f7d81121ed3f7dba66e108f5423b21388e647c399caaa2bcebb3f202502412c
SHA512

45fd5b16147d18ada14c57acf3490eaea0b1dcd50d24ffa2899f5c9b29298bf21540bafc277c872ed1f6d3c0f569cb86ae2a3f8a13bd4d35b49896abe60b93fc
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIB4DzUnjBht382qDB8:SIMd0I5nvHhsvtMxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
2212	msedge.exe
2212	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 3700	2212	msedge.exe	85
PID 2212 wrote to memory of 3700	2212	msedge.exe	85
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 1896	2212	msedge.exe	86
PID 2212 wrote to memory of 4492	2212	msedge.exe	87
PID 2212 wrote to memory of 4492	2212	msedge.exe	87
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88
PID 2212 wrote to memory of 4700	2212	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23afe7a222b737f03fa3b607a4b1ed51_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d5a46f8,0x7ff99d5a4708,0x7ff99d5a4718
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17849157049913486783,15647384742779011416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed361774ebdbc9bb415190b1b0aa31fd

SHA1
d6b06a5b458347fa7aee72a79c3567a71ea32c45

SHA256
f22bb273576ebeaafbbc7b171871985e4b6a59815e8b46fb9a6604173fd8df4e

SHA512
3d0899e514e1fbac9c3e5d405e2d98692b12043fbd8533d4f8f3b0eeb632a7d821baefa532320b5df72bd07610ea9d2d0f72d4aa045b2288cd23535c2109cd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e83708d93c88474e83cf07f9cc78a6a

SHA1
fe158d00a38a34109ad54a1c9d6d80ad74658c35

SHA256
8bde3f39a7f1fef4d11c566a719d76920278de33b8a686f281764c656956d9cc

SHA512
d14f98f392cbf662e9d892904eada392b3d4ab2602815b87fa765309d4aca73deb0056a38842bb87a2efcf8813634697f47672ed291711c62982fbbf79bf7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
263aa72fe7bae98671c979c9f09f14b7

SHA1
be4374fbf2f9c8ee15d7fe9856cd3e6837bfc351

SHA256
6abb18c9a965ba67b88eec0575fdb142131df4524311f22885790705e43a6e20

SHA512
40684d753b89044798ee02052129d03696894cd590bdd64f5b9cf9078c9b5e7c03a3fefeb0da42a9634a72941ecc84f3643bc0a444576c8935b700841d697ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10916827a929badb3ae57631ce802a3c

SHA1
62e0a18150d5e73444eeee69f343e707a193f14e

SHA256
bea7aec3cd8a934b50860fbaccaf71e2ce4dc7ea06e5967239cc2662058c3879

SHA512
6f5df75bc0b5640df7392f2543d4fd0f26041bb85809a9f80f52ac6d9538c37749c472f15b55136577027e413826a6f1f509215f4477ab1f00fb565ea1311693

Download Submit