576337ff7b677b878a417c804d6d3053d9c4b9cb415e89f71218e0f6f09f403b

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 16:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

600760471b1b3e3b45b2891a3d0f962b_JaffaCakes118.html
Size

213KB
MD5

600760471b1b3e3b45b2891a3d0f962b
SHA1

a850a87fdfafbb3a0f6199e43a29101136bf05b1
SHA256

576337ff7b677b878a417c804d6d3053d9c4b9cb415e89f71218e0f6f09f403b
SHA512

b668a392e10ee2e20ba49007b67b2dbf989be492f0991c19ba01c4146dd41e2c9722377f48323c747c26cab00e1a94f912f2ee5f2c565490a1bf845789060eac
SSDEEP

3072:Sf1KI1841eJyfkMY+BES09JXAnyrZalI+YQ:SfbIssMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2812	msedge.exe
2812	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4368	2812	msedge.exe	82
PID 2812 wrote to memory of 4368	2812	msedge.exe	82
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 1968	2812	msedge.exe	83
PID 2812 wrote to memory of 2888	2812	msedge.exe	84
PID 2812 wrote to memory of 2888	2812	msedge.exe	84
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85
PID 2812 wrote to memory of 3416	2812	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\600760471b1b3e3b45b2891a3d0f962b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec5a346f8,0x7ffec5a34708,0x7ffec5a34718
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,8377580024999063110,1143547416331244366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd46dde02dfc09539133087dd0625182

SHA1
268e1c4c1b7fd39f3dfb1ef821f31717d8d17b96

SHA256
43b89edbee41093af7b8e89f2f5c2966dc2d2a8a0ccfd3feecb273d5ebb2b207

SHA512
cb8c851eb5e592746a2f2cfe98b8603577df0285933e3a46222a8da242b7c80f4f18e34fd6634b7ee54c6af15aa519d96ddb01c8bab94e0caffb3ad066cf4ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31b8482fefab959bf6361e413706ec70

SHA1
894c01c76ca650e6c6318b6e5246b874482edefc

SHA256
bf32c9192d569c94f56d410b8fdafdd32b276ac3c592c3c476c1b792cd390fd1

SHA512
957023590e0eaf152667ffffebbcc941c55fa19c4467b626ab053976f9771a9321e2a9e4f517e48e05633a345a0526fff6eb2650966f20126ee9e6d7bf116429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4bf878fbf5fd56523b34f923696538e

SHA1
b8008e0a3f37ebe9a0cd878626b270cdc85b760a

SHA256
449ed3a5d9ca51f7c20772cd123eb6b93db32c24acf092d93d6aae65e673a38d

SHA512
73b8cf742ecaa2b74a7d9cce9f73dce134efe1b560062f98faa6505f6db3b2c96ea3d800d9fb624113636b1655f2c8067ea1d7179dda963d6127cec7787ac85e

Download Submit