d37539a07ae6e0ca509b935e9843adaa514d386dda75600f1c2b6dbc447ebaca

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74f9229ffaa8dd3b88f89f383b335e59_JaffaCakes118.html
Size

98KB
MD5

74f9229ffaa8dd3b88f89f383b335e59
SHA1

143ad42ebd12c0a10560b0a29b24371b380ab63f
SHA256

d37539a07ae6e0ca509b935e9843adaa514d386dda75600f1c2b6dbc447ebaca
SHA512

8385a8f8d7d24c29d5c5922fdb76020b0fd9ebdc3f795b97db43c3ef324295ee5fa6b1c341ec27b08e5414ef7acce1aa15acfe35bd0e4412269721524be5845f
SSDEEP

1536:OPJ+UiSCvZYFlO8+hroABH42e2c29ELoGWPOdY4bqVVd+/5bgfu4cowDJfaRHRoZ:OLzZizejvxuYy3KitZSFyXTYaLqz9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4984	msedge.exe
4984	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 1480	4984	msedge.exe	83
PID 4984 wrote to memory of 1480	4984	msedge.exe	83
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4536	4984	msedge.exe	84
PID 4984 wrote to memory of 4260	4984	msedge.exe	85
PID 4984 wrote to memory of 4260	4984	msedge.exe	85
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86
PID 4984 wrote to memory of 2536	4984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\74f9229ffaa8dd3b88f89f383b335e59_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9067921841983884728,17804579803690897057,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
69KB

MD5
ff304125b8c79b014ed61b0092bf5cdd

SHA1
e4f44b9a8f93bca966c5eaaf2abb4627ac75788a

SHA256
1d0523b3ea0908cb3d6c02d81c9c86276055ae8ff2d230e3c2171cf439a37c65

SHA512
02224044f43fefffc7eb022f09bf9eae34abecbb3387d3369486cda8d3c8a0eaca5ac820257ae60a308226f89db5e7559257f5e81c44e884a3acd3ca5605ba26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
313B

MD5
252f7116f4472438d049d857dbb736eb

SHA1
3b6fef583024f41c21673a423a08ea9bd0651c7b

SHA256
df5fe5b928e77247f4feb34fcfa32dc03b161b3eb747f6bccf1c5a5e85312eb9

SHA512
5c9a198329923ceaf079a896b7a54e5f77f09ed3ba1ef48866fbe96436eb7064b64c304dd751ec9102275a973a34f1d23379277362368f183d0c87851c6c9eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8683223168096a2f2a93637f9746d047

SHA1
eeb435ee136169931bf9ff32590b9f3fd43595a2

SHA256
9a3d1b2b7f3b85d515fc712474bca97bb622f2e756d41b0425d1abcba93061a2

SHA512
f4235d6728e7437266e137b0ba75282ad4b8ca95d142f2bce2bbeb7f784c31ba6d72bb6a8a74673bf525b7acf4a35db516a5b65e651bdc3547e6195310a7ffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78af49f8de38f936aa2ece646be8ddef

SHA1
b3afb2c43c2430128f9c5e10ea7f2678406aff18

SHA256
a4715f3245dff7d15318221fb1866770c1690380b6c1585ef26f808494a63eb8

SHA512
57558c5bcfad47e654b5dc581e59c5e21455ccb1bd8f8f3a7fd7a52cc92157d6985a22d7c57a4543003192527d39eeb464c13a6714ad1620798f83a5d7d7d07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8924201b990d8a196747653cbf9804c6

SHA1
c6eac78a0d0ba33aab9bd86d9e0ee28304e734d4

SHA256
f501615d7a0add89a8ad88fdddd4ee9e365cee24cb546df128ee01c73c3cd5a8

SHA512
235989fc8c861eaa1d1d5162b8a8345da971eff6beb899c6c91f365d9650bb664177aff867be517bdbcebe5c9e1c30fb9c0a5c5dce12f532acaedd9487737042

Download Submit