20e54677a116d63f6238b794bad6df99b91cdc0288fc2a539158b2936a88d066

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e94f3ca66ec208222374664b99fe931_JaffaCakes118.html
Size

391KB
MD5

2e94f3ca66ec208222374664b99fe931
SHA1

0d726cd24c8c5f6da1a6103b7d92d5271ecec094
SHA256

20e54677a116d63f6238b794bad6df99b91cdc0288fc2a539158b2936a88d066
SHA512

b013362077bbf87ad0f938149bcd83fe5f1ce2338610a86d92f335fbd1e1f42abb6d43dbc9d3dca4f6e877b7cf400eefa431ecf91ae1623d0735e2399c9ad3d0
SSDEEP

12288:ypz0U5ApGAckijPEqLthybgeDVAcHCWyLAkcFGup3+SrG0O8WeFBGkcr:TrI8WeFBe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
3380	msedge.exe
3380	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 1908	3380	msedge.exe	82
PID 3380 wrote to memory of 1908	3380	msedge.exe	82
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 920	3380	msedge.exe	83
PID 3380 wrote to memory of 556	3380	msedge.exe	84
PID 3380 wrote to memory of 556	3380	msedge.exe	84
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85
PID 3380 wrote to memory of 3560	3380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e94f3ca66ec208222374664b99fe931_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9218503269315915202,16451600942518236583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f38a1cc0ba1dc9173de3198a4ceb3150

SHA1
86439071004e0a63f00761c9666adbdf5a263a96

SHA256
0a1d2e421f95f62c1676823db69cf5b6063ae5effd9fc0f68675836858c21aea

SHA512
8b385fdff97eb55e757a54e7743e0a013cffd1e312c38acf8b5eb02ddadf175fdd592ce5eb0b7a34e2eae3eb9a993722d33350f5842d46870680ddd24b4fa61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d7feb3bde99fedff6f04da954d585f05

SHA1
afebfb43d5320afe1874b305f68d650e997a78aa

SHA256
8e518029031f3fc62d9f38280c7b5106930d598a4ff64520fd3d4baa939ab3a5

SHA512
894352027497fe7296d3516322ba881b1e47a78d2e40f88e466187d9189f197a53fbc083631156ff06e1b23aebe91591e619d4700024993264f30b0ec620bf0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdd694deb2e7ff433bef75ed540293b0

SHA1
956c08c2a8f08f8e5724283410e66e92732cfae5

SHA256
557b4edbb93b910a2dd3cdfdae8ff91fd67896128feea8fe949c74d044f9e95c

SHA512
4e0231a78091b3ca22ad087c4676cb1e746ba6c3bc55285d01bb8b346dc70f6e1f6a598add390db89f2036c246140255c4d66fe5064dd49532fc585cf28926a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76bf9443e2bf9a0e0b6903a7f44aad06

SHA1
68d067d3bddacecca3402b703de7d46722f0840f

SHA256
4f05dadd219815a33395f69b97e24014bc81b2a398ef11bb5552bfcc2259768c

SHA512
e93ba1d6ffac9d01014075395e897f300796e9800e50ad7d6dac248468dc742548e54dca63de647fe57a0ddf20fd9a07d2d9d02f64c8f81fb777a1b913154135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d9ef24502860cf0ae65a9a893e97d610

SHA1
8f31f72d36bffe6e3388c2ec60e18a1c95821435

SHA256
0e4f59771fa05b9c297b8841687c475c293f32c68278da3924f2544e92cc6c2c

SHA512
2292e5572db68c5034307c250574f0dbf7fbf9da8b574a48a82bbf3d2f05424c31e024f98a51bb3d790da1facd0af43231ffc5374b01c34e90c275d7d84e52de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582baf.TMP

Filesize
204B

MD5
847de026992275cf049e26235ec460f5

SHA1
f8845862ec48a5b8245742b2020ada7a55efb772

SHA256
ffe4d6de2a06ec923d88a28ad8da354f8c3bef5f06019f336490a07ba8744b2e

SHA512
0ccf256e33fc9962bcb4b8ec19df6bb547406cdc858246d6ddf6a46d8ef14170c201bdcf49f8a66e967ab7858b83d54ee310d98d2520c1e159ff2517709125fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
218bb052f0fd1098a172abdf99f1e156

SHA1
105ca7c2ab0f86cee5f12e7f5de6146d23a41c3d

SHA256
e4cefac7e9475b01026a5fb51a95041c43ee95cff07926e9b1e27a51cb71fca9

SHA512
0a37575fae3cbd06f095b0e919691377bf4b220b86946c15ca9cc8492f92d22851348b12d0b7c0bd5cdf7ea6fe15bff45dd3e218c0c78dea86ac5605c0fb7c44

Download Submit