f99f81bfba48cabf3197c0367b23c51b87bf5943ad18328811a655627fb2f138

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8576f5e7ba0af9f03715704405b0b9_JaffaCakes118.html
Size

18KB
MD5

2a8576f5e7ba0af9f03715704405b0b9
SHA1

7f92e5843d823c5b015094813d522658438dca4d
SHA256

f99f81bfba48cabf3197c0367b23c51b87bf5943ad18328811a655627fb2f138
SHA512

b4342548ab6330bd5bd404d2962414f6d1832f9ab9f4d73b0a1b6e4cdd4e861a8a1b68881ed365db8f2ab24381dbdb0d7676a823fae86b8c305ed412d56bc19c
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIw4GzUnjBhyU82qDB8:SIMd0I5nvH7svyXxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4736	msedge.exe
4736	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3056	4736	msedge.exe	82
PID 4736 wrote to memory of 3056	4736	msedge.exe	82
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4424	4736	msedge.exe	83
PID 4736 wrote to memory of 4832	4736	msedge.exe	84
PID 4736 wrote to memory of 4832	4736	msedge.exe	84
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85
PID 4736 wrote to memory of 4576	4736	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2a8576f5e7ba0af9f03715704405b0b9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82abe46f8,0x7ff82abe4708,0x7ff82abe4718
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5378093061091605201,8465598876743541273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fa9388a6327c100248338adcf1d2683

SHA1
bddb50dfcd477e997503555db8353b6dd1a1f683

SHA256
91e1620fba84a2c5cd10c7fed2ad2bd4394af58558b2d98aaeefe540e2178c3b

SHA512
6153e1618ff5ab082ee42b016c8295a1d4b6f9e76d3e0763a9bea1350e926a972c0de1bb8318579ba2a4a790f1cfa8bb46d15f0af200fd0a2e1320b259b2ff88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d81d261eb9b97ef095517c7f4c397085

SHA1
ec607fdadc68a568a65f6ac798e39c355cd66c61

SHA256
d69447f1fda65d36aef636be1e4262046fa0fa7768bf1729fffe9220c9c201a7

SHA512
a708bbb60b366ef2673b1a0adb16dac78135ea560644fff7bc6837a55b73171e628ae72e2a026e293f4be981eec5ddab6c18a46b41b8cf97a400ed6a9dd92dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdb5e44bf2c2414e10ebd813f750c22b

SHA1
363703e6b69a2efc49e03abef2c63dfff4b11b55

SHA256
6bf12ed2d8813a3eaa0dc5d455651b31f490a09c456cf777844508cc3fd1d92e

SHA512
843fc28b9f570f60a4e11df4cb162d89011ec48592c4525b4f55da3d5b0f837c94780487f77542463b52bb8b9e535553062c4720e1316b9dddd37ff8cbe09ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80a3dfd6c0544102058546cf5c138613

SHA1
8e2a919076a6d8bf9f7db86ac823cc8245bf071d

SHA256
eed272b0533f77afb8377fc66d4bff7ab9862024d7280768ce974ad36b60445c

SHA512
5d8d468f7c401e6ff6e929115b0ee7017bc642e88701b8fb6694e081a6327d8cbe9fa26680d2fc27213d587ba6bdd2f6ee31d79b453ceeafcd627e82646cd459

Download Submit