1f9e0bb40e7f4d71c09a44026998c383217dc20a6aa6eb192042ae97eb5d93a1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73a571b876a13257ded54cb7392be731_JaffaCakes118.html
Size

145KB
MD5

73a571b876a13257ded54cb7392be731
SHA1

ebfbabf2476031c207b68a7977ac244156626c01
SHA256

1f9e0bb40e7f4d71c09a44026998c383217dc20a6aa6eb192042ae97eb5d93a1
SHA512

36da7a74bbad869d207f5fa983e114b875c9ec5c1b6f6d7f36683012569d0464a9a3ded8985c967e9f2f3bf0bb18ce0240af63ade8881e506de2ffd4de03329f
SSDEEP

3072:cdcSaVMIxCq0Opxxlzjk/nyfkMY+BES09JXAnyrZalI+YQ:cdraJsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
4692	msedge.exe
4692	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 1888	4692	msedge.exe	85
PID 4692 wrote to memory of 1888	4692	msedge.exe	85
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 5048	4692	msedge.exe	86
PID 4692 wrote to memory of 3284	4692	msedge.exe	87
PID 4692 wrote to memory of 3284	4692	msedge.exe	87
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88
PID 4692 wrote to memory of 2308	4692	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\73a571b876a13257ded54cb7392be731_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4930100861499876651,2314753885732355142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
834cfc763cd0e046a1e0142310cfe035

SHA1
22660430e4c429600a0695d57e1a42732ffd6a35

SHA256
1172763664ae9894c715cc7363a357b405c09b4aa5b4852a39603d5738bd6907

SHA512
9d4387c9e4171a64a8baf920bd651d50a3a7eba6acc4aa648c2eb77ef5388016bdce0fc61ef428ea6fd97e7e75813378e836426000e09dd9b5e0a3930f9134f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9311ab6aca53967f79f6f9ef389a1bd

SHA1
3058b09d54dc1dfd84f25e14c884e21ac3f2d52f

SHA256
d8fa8a2e94b87d95668e2291417be21330a7e8848cbfc27ff446381f641a794e

SHA512
71317d8dd9efb4453094904a03bb5391198149259b830b6d7f133d71cf21bba57f90f36630d515b9fa8419b01fa5a3b1f818c5ad2ae4462e54b7c8068080aafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e347dc03501e5a5c27402a15b201d92

SHA1
827fc175f898a69473c4ad6f323759f7fb22bd39

SHA256
2a55214c2d965edf509410ac3b7ac118af722601a3034f5eed4b9e733b8a5bea

SHA512
e6a47cdbacc4162ff7a45de767ce9385379640a9fae39a516b3f676b6f0f81c31ac2b8f344b3ef37fbf8edb0823f324f5bd0df97bd74e9d0faf359288e41116d

Download Submit