5217e05541145c29d0616656f03c272cc74ec47d31a4a551e8ceef41831f6728

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299961735901feeb00df1b1ac5550662_JaffaCakes118.html
Size

104KB
MD5

299961735901feeb00df1b1ac5550662
SHA1

73524f3075d263155bb3b9096733a3681dce7ce6
SHA256

5217e05541145c29d0616656f03c272cc74ec47d31a4a551e8ceef41831f6728
SHA512

e4ecbae91fe634fdeadcd73fd96b9c0e405dfc55695181ccb903adc3a6742b3df6c7dc9c68a8700d71b411c20ec1ee40c9f2ddccf5200b73e7ab2df74bd6bcc1
SSDEEP

1536:J1dgX16nHEINs+RtsGN4KENuWB9Are4Hd6QYMjgmjERhLbAqlXQ9rqTcA6YHvjjD:GMnkINsCtsvQYMEFjZQ5YktVr21

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2588	msedge.exe
2588	msedge.exe
2288	msedge.exe
2288	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 3244	2288	msedge.exe	80
PID 2288 wrote to memory of 3244	2288	msedge.exe	80
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 4544	2288	msedge.exe	82
PID 2288 wrote to memory of 2588	2288	msedge.exe	83
PID 2288 wrote to memory of 2588	2288	msedge.exe	83
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84
PID 2288 wrote to memory of 1652	2288	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\299961735901feeb00df1b1ac5550662_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10804359216930711619,3748965735034497935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3e8599933928839e927cdbb78861a790

SHA1
1d82a2ee8f554bbe4efb54340397b4e0f823edc9

SHA256
feae7a12d67a588530a1a375a70b70d8b331053a33e0db6f84618a9f9276d5fe

SHA512
d2639b9cd6d38b02beac4186d7b21469a377b65ed37345333a0452a3fb188c31985496a2b25e1443c4b5a113b4be317f851ae6eaebbf9f03095522cfb5f20f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
974B

MD5
f751227e931ccfaa0ee284880ab363db

SHA1
66bcf083892864234ecddfff535d2a840d1ef577

SHA256
ae08d8a935d1fd7d7f1841e214ba9a1c8033259370f14108df1ab2be17a2f146

SHA512
cb6eb2a8e70a2ae12e4766aa37cbb99548b9048bbc9b02235e72dd4caa03c56c6a18f047ffcab46d28e4bb5555c7590fbcd886e33e3bfd90d8c28000ed8ea4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9af6c910c20b7aa3b0e6d059efd79659

SHA1
c6b7bb61752b20643b2647b6d12cfddf990f5fca

SHA256
022008db08664c44313485d2a7cd549b8d93926213cbc00e599b9bccb8ea32c6

SHA512
17cc2ec0af88d034b8b075775f09f5dbe4e6c427d62995f975959e26c1375ca0148170ec05389f9ed0c1870b02898ef4cdfbcbd27cdb79c33a1a8d6335467751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4892ad11a7c0f9c2ba683ae444244c47

SHA1
9d906b610d54d3fb3d1497d149609215ce449059

SHA256
97012e4e60726dba57eff8a7fa26213bfc049ad51f114f9961e7432a09184a53

SHA512
a7afc05607a8af40757a23127e5cc27d2a464c098d368ed87f7dccc6bbef7df105d5574c4edaeb6f1e289c253b870d0bdc0dec74daaba31903614da703807dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c9b3980c9fc5993c5adfd5447a88c9e8

SHA1
83c92c54cd5f3a0652e096c58334daa6b8387d49

SHA256
b028b3cc30758a5978e9bf89e769e9595c2a05483a439c0a874e9ad69203261e

SHA512
3e8fcd7a3b399187ff2647c52c6f81cea6165084dae23e1db9eaf5ccb1376ae98e175ce9f1034cb2f9db2df483765b85259b26f9fbbcb1604dc84a827c1d476a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12ef22f190b6cd7bccaa8cd00cb5df05

SHA1
b5f301cce9b08b1f9a8d3eddd38da712b8280e4e

SHA256
7e9d9fe9ee5e096fa6200190007998a9858e50cedf0aa0a1d2336395378a8fdb

SHA512
b71c4f7f0a700d13532e156b0edb5dafe730067b1f53e80cede28f90f8d9594434894c8f3cd0db3eea1dbf817f99b2cd4e02b7360af1cba131f816916778b734

Download Submit