567e42203ac20669b04f3a10721af897f7dbf98fecd0220caecff4b538df3cea

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24f2326f3c5dbddaede5222a7599ad65_JaffaCakes118.html
Size

29KB
MD5

24f2326f3c5dbddaede5222a7599ad65
SHA1

8bd09a09aa0458209f927f7025c7d8d2b0b73cdf
SHA256

567e42203ac20669b04f3a10721af897f7dbf98fecd0220caecff4b538df3cea
SHA512

4ad40439db18b8ae06d4a0dc323f8d2f57cb5bbe8c73c8cafff85873561d2663b7b50bbd2288112511ba50d7dbbc3b98eeff22f2a2033de1492c7e71f19422dd
SSDEEP

768:EoTDP4IccUrh/yqOqJZOrkJsQHvgabjBr+:EoTDP4IccUrh/yqOqJZOrkJsQHvgaRr+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
4756	msedge.exe
4756	msedge.exe
3312	identity_helper.exe
3312	identity_helper.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 3248	4756	msedge.exe	84
PID 4756 wrote to memory of 3248	4756	msedge.exe	84
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 3444	4756	msedge.exe	85
PID 4756 wrote to memory of 2160	4756	msedge.exe	86
PID 4756 wrote to memory of 2160	4756	msedge.exe	86
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87
PID 4756 wrote to memory of 2044	4756	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24f2326f3c5dbddaede5222a7599ad65_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca3f546f8,0x7ffca3f54708,0x7ffca3f54718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3806413751340966453,5402483297024620028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1834414b-db58-42a4-9f14-7629829fee66.tmp

Filesize
719B

MD5
8c5b43a6bd232801f0218ecfac39025a

SHA1
3e9c5104b0fbe1ce99adade418b3694a79ab3415

SHA256
4389017c56c04b7c89a857ad150bdf648dfcc3a9306f63375d67329fa632213b

SHA512
7ebfd4c8de613eabb7f748dc8d9a23c16d7e1070f10a3e334b7934048b9274d2c4aa0d813dd6d5353bedcee06a594eeb0ba64974fcf432b7246bbeb68d1a78b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5abfabe883792fdbdadaade51b51b5de

SHA1
eeadffff4792a31181702a01be79e7c3a1453b03

SHA256
a14baf31635decced13ccaa7b6a6a861a5d56a19e4435ce9c271bec79ff89dd2

SHA512
9113b22be147c2d54a5f46ef549bb917671c43d0bf2ec61753dd45c34741c71761062ab8ed231b6cbf282efada0d120452af19dad5b663fef29fe2c5daf9038e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ab0c9f2fc6188bdefba2feb6f303352

SHA1
54fcbaacb6e27fa2e452d6e430b7cd7cd4676492

SHA256
c65aebd77fc7fd3cb15b9b87e06ba19e049d7cc57e7af3b41b312e4d355d11c5

SHA512
6211416db0e53bb72264126f64beeaa99bc1960f67788ae41cf6d2ac07fa9ac81d635afa23f695f4690d3b79416d5e1cdaf264e9274fdf30e10ea6cb93b562c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca617982c6eaba1c163ae9977383e431

SHA1
4f336d50d464679651e609a1dcd7cdc19fec9079

SHA256
4c8b72d6d58483ca56f30720b6af84a7246898794168bba567919af8f82cee20

SHA512
304cebcef307590f964224a43c08adb9137f163d72cf8802be5582027b60749d853f521aaac0a83d312197f56c50c24b99695b54c12a76950fc424933e1b7065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
4321ba0d546bad6130eb221a0fefca7b

SHA1
7147940d15b54bf9b6ee28dc889523141c53c301

SHA256
20efa4ad286735bb7b4fca66effbcdb32dc415ff775ded3720a65d13a7e88f53

SHA512
f9895e51cd36ad343966d50fd8d31f34a3d709a5e34a8cef3e73e4a5b2f7c088311fff937cc6291c000d4f66c88480e61e79e8929ab3c82951b53f5f835fd592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c592.TMP

Filesize
201B

MD5
92fe3683464da9da22fc214e2c2be695

SHA1
5d8b2d66a176ed961a44e617bec1efaae819a4ad

SHA256
c102b6bae35269df0ac4e9eed731bc3eff286c08bd3a49ce2b60ca1ebb533b76

SHA512
de1aaecd7c6782da68eddaf653cd6888ca004424926a0fec9be924462b4c020d8c2725938f6bf241bc39e0a6e3250761793d5fd090241e540cf7a139e2d933a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed88544dac125652034c0bd6e06c1ee8

SHA1
5a3dbf3c3c704e5121f381a5bb90acce2e46ca2d

SHA256
09fe9c955fd5abe01ae046f38c1b5c264e2e8db2f8a33ccc751fc5a46cdcfb09

SHA512
d2e4539b024c43059f1522c382920b3e33b946095bb6d8a0693856243596a2d516ff77c72c4cee165fc2dede44b5ae05e444dbe8fc5d8d709384f3057003544e

Download Submit