53353b4d9874feb854e2b4173976b9d98635b44da30426b9cf402b5c0248510f

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 22:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64fd700eae5a8f552127661863a077d2_JaffaCakes118.html
Size

251KB
MD5

64fd700eae5a8f552127661863a077d2
SHA1

ba0bc4fb3fc2daaee11e664f926f979aed22a021
SHA256

53353b4d9874feb854e2b4173976b9d98635b44da30426b9cf402b5c0248510f
SHA512

369dd4586e7a26aa6e104ef1525f8c7c7cb2febe6d5050e74cc8a98a31365fa5bee68b75fa1ef95f8e79fc934e6d6191099b1f6a009af24d9364a63fc268367b
SSDEEP

3072:1t/QWOX/4TNErQ4g7cXmNRSorRWUzuxIuOgKxUNRygfSZl+yc3Le:UWOX/4TNEEtYXmNRXzwOryNR4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
952	msedge.exe
952	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
952	msedge.exe
952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 3108	952	msedge.exe	83
PID 952 wrote to memory of 3108	952	msedge.exe	83
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4340	952	msedge.exe	84
PID 952 wrote to memory of 4792	952	msedge.exe	85
PID 952 wrote to memory of 4792	952	msedge.exe	85
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86
PID 952 wrote to memory of 3276	952	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64fd700eae5a8f552127661863a077d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2627901619940748132,17410662340339979679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\841bf024-b774-4100-8d59-988bbe4b36a4.tmp

Filesize
6KB

MD5
aa14a0094673ed848f2d1984f709a541

SHA1
2838993c4c1bcf60115e9c59b8233c8c83a9fdac

SHA256
275a2c2c24c3fd99bf0a680ad2755fba7671d161c86a10052dbbbcbfa1de817c

SHA512
bb4cbb435703ecea235fae8c1ce96ed9620f53e7f339a9cc6176e4e072e0df48be712b131fdf2db0186e6e2d179844c7661d9d2cd6715d5b8ca569d37206d8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
821fbc2240ce481d4c7f6c7427780624

SHA1
530dc6eeee207d838afa079238f58bf5480259c0

SHA256
b8cc1eea1ce6704d5958787b309671923bcf29241a5c4269ca7165e9fb52fb74

SHA512
93303eb78e396eafa0216fadcd550a6b5fc3b39523c22ed2002b8c962ddb42cd4ce5b00e2171925c8fc76f73b6216eba5f72554f95b6c117fee4696b1aa42045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
307a105f53efda587f084e8eb31dfdcc

SHA1
0d92f05945575f02566151bd87a3bde8d4aa6c90

SHA256
885d60583f413c92a53aa3c9f9cdabb6cf14067a8fdf3f5a888b865ff00c5694

SHA512
69ccbd1c5581ff70392d209021006649d5f0592477f43aff820f37553b0aedc95943a84301fcfada0dc5ff1e14d24c5e84f4701fd9793f96abb318e526bcfe5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d60ec55cef55dfdddde7e4f0e32bb0d

SHA1
3a56369afd76eb740242ce2cd66c502763df50ba

SHA256
ed556a623bf8cb5b5774351a00a5904542eafc9c8f1ed80528081b305ffb7d78

SHA512
cc05b6710dba48a4e31ea4d58a5c0865ea4373f6b094ecbfdc781a657ee20d84412414cf069710fa4ad7bc28f867f9d7d16fbeddf936e4bfa3da2cae279355d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
578758890eed6609c0b04903ee77a3ce

SHA1
c824497b428982c6c2424b56dc125ce81e9df705

SHA256
b7dcb45305cc1b01c5356467739e9bb748ffb1242b2c9211b28f881de543edf0

SHA512
fd9a8d82ed78f3434da3defbef14058995ab57caa2975cd424dd22aff81cce35efcabbcf72f6a5a11d0a5703fff03bbf1423fe6c0221c61231afd57580634aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd06.TMP

Filesize
203B

MD5
046aff75bacb170824e13a6b6438e29b

SHA1
85c7504fb7fe7f2eb40c66ba23b7f03555f08105

SHA256
4115137b589dad07e0f0c3bd53f32cdc270d0bd1c43afb3c469f53a19c70d329

SHA512
fa5960ba926b35fe9dbe17c3a4461aaa06aa56df39dccbb2bb1d1b6d954ea226337dd7ed1cedd46ee796e8c306a208b74e0f45c1172a038d9b6e870664980bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b83db70706e948ee2738571e7dd6e209

SHA1
5a6575dc8718913227b96ae4193462c67cea71c7

SHA256
564c8864925f6b06a5c5a43d6f1d73b0a8da857c99702f5ebb544d2de34d7412

SHA512
02b2dcf60aabab113cecf785372699ed7690d852fe5ebc198fc4627dfe0d281bf50c02422bacacb6e6e3994064be5bbf8e2846e8400a476fd78bd53b5d61f563

Download Submit