a83a15a82dd0268f30708e80b874b401f230daf6c924cafd57f1841a63bcd7ae

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67b8031f975d4a65b72797a2d1abcb25_JaffaCakes118.html
Size

109KB
MD5

67b8031f975d4a65b72797a2d1abcb25
SHA1

62797f038a4077418239ba84a93c491b63ce812d
SHA256

a83a15a82dd0268f30708e80b874b401f230daf6c924cafd57f1841a63bcd7ae
SHA512

2eb16851ab905641a16c3197574cbb2a3e0e18740c12841036e40871a9e5443333e9a4a80f78fa9f15d13195a492c289c3a61e8f55ed6196c0b6938d9a6be732
SSDEEP

3072:joAnmo7D3QpEzhUt/ibwm22Ptt1ETwNnl6btjSCxTOWCjkr+Wq9+bgb6zJq05+hT:sxm22Ptt12wNnl6btjSCxTOWCjkr+WqB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 1932	3216	msedge.exe	82
PID 3216 wrote to memory of 1932	3216	msedge.exe	82
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 956	3216	msedge.exe	83
PID 3216 wrote to memory of 2996	3216	msedge.exe	84
PID 3216 wrote to memory of 2996	3216	msedge.exe	84
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85
PID 3216 wrote to memory of 4648	3216	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67b8031f975d4a65b72797a2d1abcb25_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12623548125907459105,170273175779669397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8168 /prefetch:2
  2⤵
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
92KB

MD5
b4426e3509f1a860f97d8bb6810ffbf1

SHA1
fdee41c4d7da8117b105f45a4a497055236e577a

SHA256
b02c09b55a30e61825374119652b6de0a58e801aaa258252838bfb61b5b50d6b

SHA512
d0aebe0c62eb180cbfde91b3fe23099b0911044a13b66c18cf55e46041c871ded87de8a2b1ad0e17d972b98adf5c6d25218f2bc82b3c5621f78f4ceb7b75e1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
36KB

MD5
7dcbe37400493b4daf04a94166130edb

SHA1
ecb8a5a6233e3e3e9e11431fd5f7f825923fe472

SHA256
bd32d5cea7fb78085de7d638e2069c353eeb1334582c5e38d734888c54dd97b0

SHA512
767c742cc77dfa2b0cf095b59cd720fd2c2f66bfb549f8b89fb33da0b1d171ad83e6b24b024bc41bcb758d9470530a37e6f94ee61571b5229c31c41b786a2427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
596B

MD5
a1f9567e40b7db9a662738557ff738a1

SHA1
f376ccb3b26a7aa16d4c3be04cecf57d1b4cc7ef

SHA256
e152ebf2e62890f64e720a03b58be84aeda24c35ef91056efcdf59944607f9c1

SHA512
503def48dd250b9a1f510350a2d73f3ec942061e3146f530998f9749e9d6eae41e332b03cbb4e3598be92587afdbba81de4227f0df6d201bbf268dbc6f86ebf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
e4426dc199ea1100e1cdbf204ba2782a

SHA1
dafde362e1eaac2e00e7bc823a28897890b4d173

SHA256
ef4c85dc83129c9950fd7eb19a1e4a693e87e8a83789bd1e80e9b190fa8beb0e

SHA512
d190ebe9dc3d2244b14bcbb1d31fa3b4e2ed66fa114c7c268638985c9c6fed9d7a9832d29ab5347a137a45af8df803d14c4b158285aaf41b2efceb79f4a0f10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a65f8487a45057a8736abce9af2ba00d

SHA1
0b8034bb22b8f2567f675999554b539e3d7bd630

SHA256
45021eb53c0b05ecfe8901a917bb5a8ffb5dbc3ee2c5ed91cc24e3e03d0b0e0b

SHA512
8872044e2dfa2488e7a7b7498dc78bb9b3beea604d61f1f437bacac47839568ef6a04ebb7915c991a385ab366139c9dd07dd9eb7af344477c6666fd1d3ab626b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12fd5479dab7333bf2be15c185520069

SHA1
b7b427a23a0dfba6e0876f07a43b992a0bcd1e6d

SHA256
2cd87daf81f01d191d3257417f06c83cad0d2a89b190f7d7c08bb348924c107b

SHA512
ed4cc49586db2f31f77449393e3bc6330049eb34323bae61e9b5a2941ee8b59c62589dc9ff5ecc962e62b83629ac37f83291897fc567df9bab784452939b70fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
af607df2da7c9983cff0e0b58f026ae2

SHA1
82f1676f84697135072177e57eb68e925bad670b

SHA256
3ccdc30baa56967ba3da2a2e9aeaa3d9624cc42358b36c370b0c51393cf9a903

SHA512
f7069384005dd2be9aeaf1c336d2ff745ba225237c541ba102b292872b4b592044d9e1e7cef48a86cbf041fe12940db41f30557951327bb5daa21da65e353990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
10d75a612cd7085b5438b00e2be5d92d

SHA1
16391bf5b19ef06feb88e5a190814b7790976a9b

SHA256
b65a65494aa9702bc839ecfd3c734dadcf71609c16622e15e95f92d6cb1c9176

SHA512
fc7850761429a4f890a54cf757468535ab206108db92df8a2281be58362de8c8061eb5ae4e21ada13a87f6fb0ba595440f35f642b2a5d04f747231d5856853bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589100.TMP

Filesize
204B

MD5
65d06a033d1f78a720fc73f53c5637d6

SHA1
d86835b17e86df70a008bee4c9d5eb3bc80e8b0d

SHA256
6c2791ed44f77401d818fb3da1d5a3586950fb618a2bb859f6b5fb8b90addfd2

SHA512
75e34b87e835adf55c9bafd1e05763eda3bf565d4f6bf15b0c56f16a11b67784d204f63c1e77bf452660dbe10591c3ad71a47cd484cc7d8f09c7953519075030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18c89699656303304ae55ecc8625a5dd

SHA1
4bdb56b4d41fa769769afdf5ea1db207a20b847a

SHA256
3946ed1f5f3a436fa5a208315c8e0249946b2114a7ae54e625ec0df06c5576a4

SHA512
e9c38f315ae552d4333f142bff46330839cea33f0cac15d0e42e5904c472126d12f3c7fe52dbb1b7a3d405029dd970b950646e6d9caec954e2e522a3d1fca759

Download Submit