5776c9d32909574b3c75a7fb885026a0107ae41aae5bfc360be55e833183e16c

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 23:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

317c7d2a055782cf97c86a260e12da31_JaffaCakes118.html
Size

18KB
MD5

317c7d2a055782cf97c86a260e12da31
SHA1

21ee7415c2bd7a97ec2f44e05df069f4ada8400a
SHA256

5776c9d32909574b3c75a7fb885026a0107ae41aae5bfc360be55e833183e16c
SHA512

79622e9048007f32e3626acdc8cdc6ece0f2d678158d18f1649e122dc7a3d96f63570acbc3b54fdbbc2b0cf24e974af8313f0b41974a5525dd9f68c83d234eac
SSDEEP

384:SIIeCsxHl1AjfSvnTgvYYjlwm6qcKYDGUv:SI5pojfSYlwm6TsW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
3312	msedge.exe
3312	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 1556	3312	msedge.exe	82
PID 3312 wrote to memory of 1556	3312	msedge.exe	82
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 2164	3312	msedge.exe	83
PID 3312 wrote to memory of 736	3312	msedge.exe	84
PID 3312 wrote to memory of 736	3312	msedge.exe	84
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85
PID 3312 wrote to memory of 3780	3312	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\317c7d2a055782cf97c86a260e12da31_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14466753398986312237,7484301984440203943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8465bafac042cca77cb118cbba4249d5

SHA1
0a38b6c1a1ef0e5f21657510cd85bd2220e42d34

SHA256
f8bf1fffdbdf33a0b6f11476824d0a1a45a92a72914b61aad56062811ee9e733

SHA512
26484aea22086aab025aa52278635972a5c69c606d5ad8740c334efa91f75661a99e28e493fa8ddf68a5a9cf8c3238fa28c7a80b028b01329fb9bef69d2c9034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
273a2d2f04ecc170aca9d1858c63337f

SHA1
7401217ada88ce4b554701a384a8ad689e16cb43

SHA256
4cd59433d95f4a8e8333e76760eaa115a65878ac8228312c26b650f2920ee091

SHA512
0c44f396c150823f1282d783cc334b5ef1f1671970536301042af7ea28058cba6eda33c95ac752aced3fe60fc15c62f6ac82309b4ae937ed03d71e2f7b1d03c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c1598da8e9f002167e87258f3f8e69c

SHA1
a6c851652b5e890445e36d1fb51194bb94604e08

SHA256
223ed81edca76be3fd0123734f1af07e35e23f563f62222d8eb670db95228d7f

SHA512
9334d3f85f298d3d039704a1addfef704c7f826e92b6a2b69ba89f1f4729359e267b6b8d17dbdca59d04d22c15b64bdd30ebee0499d1aa7334607d51b467d94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2cf655810113700d1d5c86699e40b558

SHA1
2efba10122f13787589d6dd8b072d032ddca8618

SHA256
0307ec61724bcba9889730576ceb8a2fe0888255cc60669de51fb16412091e7c

SHA512
35a6ca20a6488bdceb64a8cbcc347295fa88944e1ee9f691ac1e018f439d537ff5f239f777d96296b9ae24b9774504b7628dcb9eb8bd73ee61b3d15df55bdb59

Download Submit