70c9cf2d334572808f7722aa793b111a94858111379b1eb9d26aec0f80464519

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

503e4fdf27bccf118632739a1ecce267_JaffaCakes118.html
Size

189KB
MD5

503e4fdf27bccf118632739a1ecce267
SHA1

f1223e60f7f76a2117fdd30702b8e8e32a26c830
SHA256

70c9cf2d334572808f7722aa793b111a94858111379b1eb9d26aec0f80464519
SHA512

6ff05cc7a2c1b377369e2c6ea5faf449ce7a0118a552469ec9236b0f7b31fe2dc90bb212795098dfced626aa8eccaf11d9dfd1bbda6ffd4db64635d918155080
SSDEEP

1536:dEmNGZqnIYnyRZWS5ogpuz4fQpp1dVWHGZ4srV2ERZTxAH9NLcthjMLcZ3xt3VSR:1FkyZ0KNyLcZ3xt3VSmFc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
212	msedge.exe
212	msedge.exe
3768	identity_helper.exe
3768	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4484	212	msedge.exe	84
PID 212 wrote to memory of 4484	212	msedge.exe	84
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 2488	212	msedge.exe	85
PID 212 wrote to memory of 432	212	msedge.exe	86
PID 212 wrote to memory of 432	212	msedge.exe	86
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87
PID 212 wrote to memory of 2212	212	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\503e4fdf27bccf118632739a1ecce267_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,247854285697802041,13081794204484903756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9b4c6bf3e8bd83b786fba287172d582

SHA1
ca416eabd5f00c11e016943fcc9ee158a62b6105

SHA256
c144649ddd5c3e1ade1aa35103955bfc9431dadd85aaa150f821182399f08f60

SHA512
d7cd8ca016acff8e39b5ec6a95fa16c45f1f30ffae8a2eccce384ce2ece3cab2244ab9af4e7813cf32a7f9920aec08efc8eaffdc91950e197085117c5b9ee626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d30cd55418554b2cfd510bf736c412b

SHA1
a9ccf04a9587b8d9c15cce973ccee1c5001b7f44

SHA256
c0cb337a932c30bf1c451c1d87f3f87fb55e96002ec0fe0c6dcb4a9e608ebb4c

SHA512
3c54fc230e8b6d10726cfdf2aa620847e6ab3607283e51ad6af0b00b1efbf65d42a02f7edc206e8292758292a72c640631ae9b0aa6b426610c703af073495bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c851883b5ce9a73dd8054c124eeae00f

SHA1
26ee0187994db9859858e2acf18fa063ac2d5d7f

SHA256
779cc9d293d101055e39197c6f5240ca155a1ae640c6fe28953f77448fdbe3c1

SHA512
f484a13688a01d152e3d8fd7d0f54216157cbb37ec71d5d2995a1b3ebf5003d28ce1431e7c40423bc72c75ed4cae34bb5f0ad135aa0e3478e109f35235b3963f

Download Submit