6d802a904fd849543ecae36ee926ae5c511aaaf56ac3882dd4ea20f413f1f385

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66738e0aaac2413ba2b020d497ececbf_JaffaCakes118.html
Size

350KB
MD5

66738e0aaac2413ba2b020d497ececbf
SHA1

c4478b47c56df3dec4d34cc6660b890a061666b6
SHA256

6d802a904fd849543ecae36ee926ae5c511aaaf56ac3882dd4ea20f413f1f385
SHA512

683865d2b3081686a6bd82c27254dcd6881562412b956a8126189439b24814077156699921b3b97ace52dac2e65ae62933afd5605380098f0f6209620a407f36
SSDEEP

6144:SwsMYod+X3oI+YeisMYod+X3oI+YAsMYod+X3oI+YQ:F5d+X3gg5d+X3Y5d+X3+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
1760	msedge.exe
1760	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 4724	1760	msedge.exe	83
PID 1760 wrote to memory of 4724	1760	msedge.exe	83
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 60	1760	msedge.exe	84
PID 1760 wrote to memory of 3696	1760	msedge.exe	85
PID 1760 wrote to memory of 3696	1760	msedge.exe	85
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86
PID 1760 wrote to memory of 3408	1760	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66738e0aaac2413ba2b020d497ececbf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,93668421727887638,1903293142503384043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae826510af44305d7d1f020097a849f9

SHA1
b31b4b1aa69b6f92fa30da83a7a37bd65b79ad9e

SHA256
faaa30c598adaba4b9559d5d0bf76880086fd233f18fb39fd1df352c5a3849bc

SHA512
4fe325caeeca3525309a2030a9563aa47a44fedc9affbcf03b397f0800c054dd795a2d2540f4c8f9275cfa04d4197d6ed228b54ea39308281c688e95266fb336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
54fc9e89eeb486ba087318eb4faf7895

SHA1
7bf93e15fc177ae172773ff064678b709138abe0

SHA256
ade2346f9d960c97da3fd55a798e9114466c2e1767b47f0cfa485e906de08092

SHA512
c0ede81d81c52216cbab15689be163e4fdbdff4d63a9756877fcc1e06c05cdf783074ea4e591a0ba63fbddae401437229f8ca9d70abd4ff864c2a9577d995fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
311913512b113d212c52de7330eddf4b

SHA1
4e2ed081548cf6230d691efb2ebb847dc0403182

SHA256
c894380e4bfdf234a162ee541d60b1390fe45033d3d8771587efd2a8927f2396

SHA512
102502a180a190caa03443e4c0b61133f739d62169da187db783ae5e47643243a2d73b0a4efa75620cc1b764f933f52c5c86179cbc61a563b54b58953ec7b7ae

Download Submit