74b8fb021a844afa43dc728eb8ff85ddb5350573bd08518e0f69f4866eb708c6

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e958ca8523b1f9b09af670cb0428961_JaffaCakes118.html
Size

19KB
MD5

6e958ca8523b1f9b09af670cb0428961
SHA1

7b258cb8657da29b4c43ceaef7a237cfbde729a6
SHA256

74b8fb021a844afa43dc728eb8ff85ddb5350573bd08518e0f69f4866eb708c6
SHA512

6c8411c810e110335774802fd000079fa86e481f914ce55bc4247f6c6cdcb313bf427aa1e0fa36757e2b66ec16bf1c91de5a1b10c07de62a61cfc4bcaf9ff921
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIp4bzUnjBhNH82qDB8:SIMd0I5nO9HVsvNcxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
2792	msedge.exe
2792	msedge.exe
32	msedge.exe
32	msedge.exe
32	msedge.exe
32	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3212	2792	msedge.exe	83
PID 2792 wrote to memory of 3212	2792	msedge.exe	83
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 2644	2792	msedge.exe	84
PID 2792 wrote to memory of 3920	2792	msedge.exe	85
PID 2792 wrote to memory of 3920	2792	msedge.exe	85
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86
PID 2792 wrote to memory of 2008	2792	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e958ca8523b1f9b09af670cb0428961_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb846f8,0x7ff80fb84708,0x7ff80fb84718
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4165012092945173688,15458874215404601998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
704dd2468d978eab3e9997b8558d65c7

SHA1
d467b0b7808f6bd9d41ed791055d9203c076d5c5

SHA256
633bcc3bff3a2f19fabcc7e7aeb34caa897d4f29439d9ac76a0429cf58c0d63e

SHA512
18197db3f2dfbb8527566535cbec52f68f852e62c774ca99c5e4f4dfa25a31b89ae0a648f167c7fa3b70ad7fec0d6c821e5f95ee9bed68f121bd335ed849be4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
859775f14c23ff8bca0c45c383348f8b

SHA1
2e0e9203d866502f25b2ce851fd192c0c91dad04

SHA256
2a898352c8337dddb66791529655e1975deb59acf0dc3f20b997f5b76f030768

SHA512
79facb939f90fe89aec01f459b6aa70fbf2a12d55b80cce39e62c283441bc9cfd06b1d8955b90db1f4fce3135ba699750aa19448474148db728add4c05c38a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d27e6ed5ac2ca52bf5a199e960c8c175

SHA1
beac9ed7927241bbdf6d6f5ed8971e88fcf4af7e

SHA256
53434728d3e3a09bb25e7beac31012498b653b32866a2254a6f26579b0a1beac

SHA512
69cdf3d72c740c4227c0bf14597bf1368cdee7b65b6354b81c0190fccd6416958bac995560bd0f5756cf2695a6f35f6229aca19c6cd9c1ad03e556fff1698627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3a7cea8943ae4959c8c69f537d2c9ed

SHA1
baabc80a3ff68ac533bcc4e42fd5eaae09befb37

SHA256
fd954101cffffd5304e38eca291bcd28582e9dbb1007932f5a9e49bd331212df

SHA512
6a47b183f577e5887b56247429de4d53777cf6bbeabc970f651df863bad3862f2e3e34c082cfad649d8fd28b8e59a511f0ba7ea850734250caaa8b3bae043190

Download Submit