324d6f1cdafcd21e21868fb47818b3a6eb968348af84d69a7916b1c61afd423f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 10:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

66ebaa3d48640b51aef831deef9cfd22_JaffaCakes118.html
Size

19KB
MD5

66ebaa3d48640b51aef831deef9cfd22
SHA1

857e64162a7b4e890f4d9476f831ee86765b7e4f
SHA256

324d6f1cdafcd21e21868fb47818b3a6eb968348af84d69a7916b1c61afd423f
SHA512

f2e9660fb9121a049326197b7996f32608b8788a980b655760cc73a44fcd7fa4e698c0cbd38f4c7961d233171d57013c8918708631e29b05c93c3f44c0c00367
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI2AEAsB45qaCKUFUf6zUnjBhhuJY82qDB8:SIMd0I5nO9Htsv4BxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
1804	msedge.exe
1804	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4980	1804	msedge.exe	82
PID 1804 wrote to memory of 4980	1804	msedge.exe	82
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 4580	1804	msedge.exe	83
PID 1804 wrote to memory of 5040	1804	msedge.exe	84
PID 1804 wrote to memory of 5040	1804	msedge.exe	84
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85
PID 1804 wrote to memory of 2460	1804	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66ebaa3d48640b51aef831deef9cfd22_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16912794740729174467,17362197406666487590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb211eb256ed1b96a7ab4c1f0c59f79d

SHA1
c515a2f21c9dc196273e965ca8b34a61d5d86711

SHA256
ce57ee954d8c51eed220388faa112fc969af46a5521de92c2c61568bb532bd87

SHA512
82fd60b4890315d50b41035ed56b1b10148263b4fbf5c50d784c6cac1bf51f8fed6d349c8ea91124ec6e806160032d51b6ea9360b9100749e1c3b283b702d9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a102bf4e07b488c9bdf1733f6025d792

SHA1
a60e8500383122e7ac7577f900aa47fa083094bd

SHA256
0b00137fb7a960efb01f8f173dc0ad2a0e766d3fffbe2e68487b41e10b2f3475

SHA512
c1ed86831106ea22657d32cda53720a4c06fc01909411ddc58f3722eafb17e866bb03585f3049bf5bf21472c5d3789d09cb4a9a389c9fa36da614536a88a2232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
397c43809fca3fc8c43a35f76cc14d11

SHA1
85f55380957827f4486680612ca25e139e2384ea

SHA256
af694fe2e6dc724c57424544af8827ba1a31c1dab12dcea79b48490732e03b23

SHA512
918806714f55eef9994c2284574217f0025eb46d979875e7296e70290e89f3c188dd525b353c85d8262525ca3758da87f81c6942894ba08465c156016538a836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f657c3959e69cf1be335e9206ed19cb2

SHA1
c60ed1feb97735c3e4f8f70867c4219dfaebea20

SHA256
97ade1faf07f208b2ec52186a3f4c2dae04010f92be86720727f71c1a680b555

SHA512
c43fe14d567cb50ac454bdfca52c110af70d6a46a643066633d65582c7a8b27d937193c8c82cf1571445bc6688816b1193f78157db35aee1506e92572b9a4d85

Download Submit