062d3893d2b770b215a27835d48910bf5ac5ead80eecce3e95e18feb9415e825

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 13:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

251bfbf0805042bd6aee9804ee74529e_JaffaCakes118.html
Size

143KB
MD5

251bfbf0805042bd6aee9804ee74529e
SHA1

73506d1b96739708802598b7295e85f76e1ed428
SHA256

062d3893d2b770b215a27835d48910bf5ac5ead80eecce3e95e18feb9415e825
SHA512

8e315105114d0557db10cfa6dca707d86ddff1bb6209011f77b48c13e583ba55bb2771ded3917a9ad631761e5cf87cb83badea8c39d69e301f6d7e118af4b9bb
SSDEEP

3072:StpKXsYx7dyfkMY+BES09JXAnyrZalI+YQ:StpKXsYx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
380	msedge.exe
380	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 4764	380	msedge.exe	83
PID 380 wrote to memory of 4764	380	msedge.exe	83
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1316	380	msedge.exe	84
PID 380 wrote to memory of 1968	380	msedge.exe	85
PID 380 wrote to memory of 1968	380	msedge.exe	85
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86
PID 380 wrote to memory of 1840	380	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\251bfbf0805042bd6aee9804ee74529e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd077646f8,0x7ffd07764708,0x7ffd07764718
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,11323651538556096341,10884935442932603769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d4f9b8bd13f88cc641daf9997f6b3fb

SHA1
590b3ee369d8680e0bfefadbd4af4a3f785d3e14

SHA256
1d533a3ab0354d1d00bd900c671b6ae9a0f8a08bd696053500d1f7a08763fd56

SHA512
9c27ee721b3b07b239c8dd50c7a9e629738ffc097c8653ab95e76432954b0f415f34cafef983608776841e96ee68557c623988bc99513e5d067b1b50755c8990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5caead7d7e166b677222301165da5b85

SHA1
ab4defa0a7a8adcd539941bcd6a17304915303db

SHA256
c549f4b89d9e7f8298196d124e4ffb17615c8b999c49cd1563c7ecc50c196c9c

SHA512
712fd6a54c653564eb628f9bb804a39f2244504fd1d1792d60e5092dc94471f7783254fa36d66f91a2646fcedb5c7248032c92f072e91b7a678c6bd30e3c0284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d2146d97cf66e59527f5d92bb14d05e

SHA1
fb1de2b77f0cbfe71e3d7031937a2d2663714163

SHA256
7dbd7b93ffc725a669b72ed395a27fa6acfc04071df69f60e97164659ec5cc46

SHA512
1ec95f34508824cecd29765744563327027627c9bdc9bc562e9f42ecf65bb28f8dc62ba01bf05d29a4981e89443ead757555dfeec20813a15277a8ac8b38a115

Download Submit