75fbf96b8e8688f9c2a02691a3fcc31a35d0b1ce84d03dd3d254f75095961e4c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d24432c0b4a049a1e1928971e14820f_JaffaCakes118.html
Size

214KB
MD5

6d24432c0b4a049a1e1928971e14820f
SHA1

211ec00166263f1d79db4ae75d670d8c6a859367
SHA256

75fbf96b8e8688f9c2a02691a3fcc31a35d0b1ce84d03dd3d254f75095961e4c
SHA512

f42eb71c55d8f459754a04b20b8befe4e4bc682cfae0805a55227aaa30204856e865042d50388407699c2316c9f7878742f15fbeb204bfb0805b50230dbf2a44
SSDEEP

3072:jrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJa:nz9VxLY7iAVLTBQJla

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
2748	msedge.exe
2748	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 4820	2748	msedge.exe	82
PID 2748 wrote to memory of 4820	2748	msedge.exe	82
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 672	2748	msedge.exe	83
PID 2748 wrote to memory of 4116	2748	msedge.exe	84
PID 2748 wrote to memory of 4116	2748	msedge.exe	84
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85
PID 2748 wrote to memory of 1316	2748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d24432c0b4a049a1e1928971e14820f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9626523942325328607,14763076075664219195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7517033323baae31b1bc7920c421c828

SHA1
3c861a031e8ae73ffc9304a4159336a8cdb7780a

SHA256
2ea67b7dfe50d13a550952dcd420f6dbcc59d6a22c8303996e5d0257d8b114a1

SHA512
a408845b9f73d5486ba39591522512b89b39d0abe4ed5e9cf40e95e452ac9d235953561ed43594499c3a45c4286a6d8c78da3fd3a570d6b37a1cd761e565fb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7a855164e37d7f6f6f4bbc38ef3c871

SHA1
ba955d0d72baf1402463b81f3232ab35bc191b82

SHA256
a44212b7ec72b98cc9bf25fb2cfa3de8246497101661c34ab8b6c12a0f8b9854

SHA512
05b437d2dfe1f641ac646ef5e8f710f09cb4a9c70ee291a6bf4fc2e3eb095743a59c877dca4ac0c6d8b601502c918b08c8991020d5b87a59c46f81147a2d6895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
611ed8d8628f433dc2ef8ea9f4883814

SHA1
da8c1a49699d9e6c42a5e64d1616133efc811a3c

SHA256
48a1972f8d31831ac7f7adc3c3868fca2f7d0e723b41a506d1d4725ed1ce7f0f

SHA512
f292a1604ff2b914751e4a613ac788f7058c75e8e80e0d8baaf3aea98e9c35fd4ee7ab03b147e7639f62bdb3ffaaed455f8332ae763374d79dd889a9e7efbbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d30ba137f4ed24f22ebfbe723d4779dc

SHA1
014847e8368d1d4025b70db8b2f31f6932e4a2ba

SHA256
2341bea68e2998532aa5de52c857b6858621a60bbc006ebbb377273f53c4fb36

SHA512
80215a12f3dd010e91aad0ba18379b4f154a6d24b0666f3560899ae575987429c4b824beb735580b51c751f50d28cfded4312dd64a2434de0c6bc704bf571121

Download Submit