f7db76c3952ff5ae1d752b05adbea43c5f1d21f612b07cebe42bde9682daf4f7

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24197641e50a785c5740925cae116ccc_JaffaCakes118.html
Size

30KB
MD5

24197641e50a785c5740925cae116ccc
SHA1

4730f3a07974adf2b27800601dcc7beb0278e573
SHA256

f7db76c3952ff5ae1d752b05adbea43c5f1d21f612b07cebe42bde9682daf4f7
SHA512

8204f5488fafb641faab672bfdc50531306923cb2ffa0ae3508bebad60c7c697e5fe4f27d04f7f6e84bcc16f84a3b24b610d3770fbf86bc7211ed29eec1b7d33
SSDEEP

384:EFZMK+oXlbNi3oF/TbVii+zZdmI9tKhwllZ5FHVt1t6SmOFV+JoaKwmPDwB5jN6Y:XK+EbA4F/TbVOZT94hGbpb3wmwN6zvVy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
4544	msedge.exe
4544	msedge.exe
2908	identity_helper.exe
2908	identity_helper.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 1876	4544	msedge.exe	82
PID 4544 wrote to memory of 1876	4544	msedge.exe	82
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 3360	4544	msedge.exe	83
PID 4544 wrote to memory of 1040	4544	msedge.exe	84
PID 4544 wrote to memory of 1040	4544	msedge.exe	84
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85
PID 4544 wrote to memory of 1488	4544	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24197641e50a785c5740925cae116ccc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936df46f8,0x7ff936df4708,0x7ff936df4718
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12988120991470872103,1922238375071247441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
385002eb4fc5d9a3379450cc6a24bb1e

SHA1
c61d49852bb0159ca240feefe600b5fc70bfb3eb

SHA256
840d09c730957c4c5fa37a2c2ca7227ad42de0766aa11d60c3f139f30f0d8aa6

SHA512
92f5de8decf13ef0ea1bd7987a338c1b24df2c57d5898c92e122749d619fc630375bdf509b14172f09be8c5323a6918fded5d9a5acf921377135fe60c2be8515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c412fc358869de1605795a82c0f2daf4

SHA1
fecdbcf8a0730e716c5bf4ae36e28ce913c6d3eb

SHA256
cb11f0eef665ac2966bff5a6a4bb3afe0dc2d18634fbb9f4dee09e6ec8ce3ea2

SHA512
0a39f82dd9348910fd9cb5e5875a9a7e0876d57f904d496264e76a7d4e2b2bc2404b16d0af352ff7a3daf58f1439e3309ed0e4459b17f2ff0ff68b895677a3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5dd0d91c1c9892377e7a3553f712612

SHA1
952b7db0eee1f9b4c4ad14b0ef44eb86f0d26a35

SHA256
350c3f6f6d36aa5e6ca5cc8a92c81f88a585b29e38b20a516f1c6e1323595107

SHA512
fa855c8e4a9b9456b453ec512decb38c1625510f01b1fe064e0ca5bab5520c4f68e7168931c2df8465bf3bae4248bfaa156a2acad70265ef6fa5089fe26315b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db4bb8b84e7362e73d679eb1b410c2ad

SHA1
228a70dfe64b4cb92af3f257b539e855e3dac015

SHA256
aec1ffd4d978cc8d1121a69641ee6bc1b3b956d7d09d9ebd99561f5aa9720ee3

SHA512
f9b9ce3062078c1f6ede4e3d9b0e4ab8913869264ae0682ce2cebfecba1d57819fda066125cb2529df98d8d77570c7fe68c831d2a3ff8a632382b5c8fb3c794b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66c10181860b72dab20ce5b292473d45

SHA1
47e7d2cd5712b47708cafdd13b49a807a2d4b938

SHA256
c5e44a7513454f29ff0119851473434abcae664a47913f019d226e1cce4751db

SHA512
02a80fd3ad39bdf9e8305b827660baa294d7e5dd518fcdd54adbe081c4d0f78eb793f522b957b2b206d78036caa3f47ce9798f8b30627c4037af030ffd2de43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d95fe4d5-8d25-46a6-b393-16a5589fcea1.tmp

Filesize
11KB

MD5
8ea8cf290353c2cc24917fb51660eec2

SHA1
ecbbf7bb4bff945d3ec25af5c2e311d3e97ddc51

SHA256
ff8b648e38beccae3f35c9b07bcffc270db0084c27c827e9a35d1025f0161072

SHA512
ce60ed4608dbe893faa3d3fe91e78f9f9e539f6a627f8ad0b330153f4be8878dbbb7f814118fc7228804c6a32b21f83ef07bf70f69e8327f606b86df9981202f

Download Submit