7079894425504a9e17a718644f44c43ccd547aa0df22ffb49960477683cb684b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70fee945c1f152a1062ba2ad7bbe8c70_JaffaCakes118.html
Size

17KB
MD5

70fee945c1f152a1062ba2ad7bbe8c70
SHA1

b00d90c6b8e9687993040469ffe5261a80efc6ab
SHA256

7079894425504a9e17a718644f44c43ccd547aa0df22ffb49960477683cb684b
SHA512

25d5078501ea7a4976d258251e3aa3791157b26183b5748634a28e864a04568a655c14bc6fa874ea3473727f3c54e8fbadbffc1daa1282abb09f43b73dac6c50
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIg4gzUnjBh0u82qDB8:SIMd0I5nvHJsv0dxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
3508	msedge.exe
3508	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 996	3508	msedge.exe	82
PID 3508 wrote to memory of 996	3508	msedge.exe	82
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 4832	3508	msedge.exe	83
PID 3508 wrote to memory of 60	3508	msedge.exe	84
PID 3508 wrote to memory of 60	3508	msedge.exe	84
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85
PID 3508 wrote to memory of 3760	3508	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70fee945c1f152a1062ba2ad7bbe8c70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3942040250492596695,10843657703059432001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a78682ffc097d9d8287e93f1af8ba664

SHA1
53509f13a2ef220f68a27debb6da15eb12735bf0

SHA256
de65e4f7bc18697c092c7ade491c0508ea2f0c6c12a6a4d9dadf83eb65f3023a

SHA512
9d4bef22d4a1e8247ff37c0ceaea2d6eae36fff02e0fa310798d145a3f97de98d5e74996ca333a72187e71c259139e0f0aa90fce1f4eb6191e326ec17656dfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
395e66d07b2d709a5d610137cfa23716

SHA1
e31c34db812e8f163767678c317ec0f368149283

SHA256
14c69978fe3c3a6446fd31545da60712bd8ad5658df7e4cb5490bb6c06cea4fb

SHA512
c9944c1651ec62d8a8d006d9af33a75eee380addefa6516dc2f3d1f73c7032f3c66f5ea4daa539e591e46e7909c5499ceb3c55148ed8406b9587686a47af921e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb31a6a14340b40c6d0aa95365931ab5

SHA1
c9ff5a8f847eb0e2d4a504af4186a8f9544250d0

SHA256
db789898777ba92c810ce0b803dd101095969f2499e3c7db014265272f839f17

SHA512
af290ff3ac4e8bf97b78ce77607bd43e36caf5108b5dbacdf1e0fa0ba82b3e69654bde10bb65ac6b59d9c3fe7a77019e6d8c04b44c6849bb84cbe8ef6b7f560d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e3e0a93041dc4c60bc6b9f9b48a48f9

SHA1
d22c4b17607076e7ecdd910a4efc119d79bada85

SHA256
ecc89292fcdbc44c5540256281f08ad63ed42837f6a7897d0df00b5c9222b198

SHA512
3d54d45bb3764ffb06430a907bc64c3ffbaee2977f2e97228ba566b7e7bdbee786064cff28fefb3b3a0ad49c254fd6bc16d017a2bace0cbcb0c3d835e11485b2

Download Submit