6aafa02a2b026233ab4ae78b8e1a93d89f5999e58c46703049abf88b1df620e4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 07:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

668154404dbf2226b77945599a69c25f_JaffaCakes118.html
Size

19KB
MD5

668154404dbf2226b77945599a69c25f
SHA1

6a0a8d428785ba1459f1ae854407f213d4147455
SHA256

6aafa02a2b026233ab4ae78b8e1a93d89f5999e58c46703049abf88b1df620e4
SHA512

d071103996cc5b5a25225ed06649e001d9257d7d22d7145def1de496e08b0f11080c9ed2cd31ab73c419f784d6c55e4d76c01153f74e1076ff037eedb6bd5bde
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIz4fzUnjBh9H82qDB8:SIMd0I5nvHBsv9cxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
4592	msedge.exe
4592	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4636	4592	msedge.exe	82
PID 4592 wrote to memory of 4636	4592	msedge.exe	82
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 4076	4592	msedge.exe	83
PID 4592 wrote to memory of 348	4592	msedge.exe	84
PID 4592 wrote to memory of 348	4592	msedge.exe	84
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85
PID 4592 wrote to memory of 656	4592	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\668154404dbf2226b77945599a69c25f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e53746f8,0x7ff9e5374708,0x7ff9e5374718
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4733579468259509240,12069731612991287051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
901cdb4b45abbffaee63c34553838129

SHA1
d24dcd30aad95fe0c04491f6ecf167c38c12c1c4

SHA256
b7cb2f18fcae640d342159db6ae1184e9c079e01d3e1818d02611862ed1283e3

SHA512
d2587be4578bcbb4e9060a156faee252e5b736c46a2c86ddc0bec5037399e9385a3bed51084bbd5aedeb8d516cf4dac630cda9baf6fa9889a0f7f7b032f6b1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
634eae291b9ab33e37a3d9d88c0b52a7

SHA1
ba4d188e4fdcd4be1585055f140e772684581b55

SHA256
7ea09b21f61d4eda21a16774389e618ae518f76ffcb773994a07534b520489ce

SHA512
d616aefc6531824c1bad1b752dfa3954dff0eaf4edd8acd55a3291457df76e27bb91cefa41c1e7dea65c8d89cb591e7df2675ae26a0365e5f27d798a6e066aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f31f8b59c77cb404f0bfbf69c837d38

SHA1
25cd845a760d6e55b455b0fac21dedf1d39d097e

SHA256
e9f8e4d41cff92241cca280deabbba560e9e9e5bad1e3e6ddf0282af8dfc0f0c

SHA512
6e14fd58e1b15b660b0593b353ee3e6f3fc0395c1cff80bdf7ad78acbd704bf584d2c07b69f137c8a5cefcb3f477d11ecd3fb2375ac2d8c4474bedb9a7c44a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ced6a823eae1c9f4b10cd06620c1e39

SHA1
ae59fd5681f5ff30c53058f5bd7f1d8f4c1f0033

SHA256
5b141d70f498cbd5b0826b82c2d695336aa7a2a6c3a46807cd6a479acae359a4

SHA512
404736464eb553708821ee44abea72151d698d61f1bfc75bb424cf42c3836b3c86f7b00af03eefb06266fb587495e2593e5c1716e9dc7150ad02021b600b84e1

Download Submit