98bd9e3373a42ae8a782443cd493bbb63692dc0eb6c49efbbd80ef53701d63f3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

79c9065e3b6ecb28c08d05399ebfbd34_JaffaCakes118.html
Size

139KB
MD5

79c9065e3b6ecb28c08d05399ebfbd34
SHA1

3b06da3afffe772655157c36fca2d5772d3d304f
SHA256

98bd9e3373a42ae8a782443cd493bbb63692dc0eb6c49efbbd80ef53701d63f3
SHA512

012c9bd1e2f57eeb7c0bd3d2aa0a1f00c10a5354766592195966059cb779bb9a1d1c0ed4c72a59183791ee3eab8f0ab8314c10c96c7ba5ee1f5dbe511e842e1f
SSDEEP

1536:S5vPSgg7lI6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:S5h6yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1412	msedge.exe
1412	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 3480	1412	msedge.exe	83
PID 1412 wrote to memory of 3480	1412	msedge.exe	83
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 528	1412	msedge.exe	84
PID 1412 wrote to memory of 1696	1412	msedge.exe	85
PID 1412 wrote to memory of 1696	1412	msedge.exe	85
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86
PID 1412 wrote to memory of 1492	1412	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79c9065e3b6ecb28c08d05399ebfbd34_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 /prefetch:2
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,600174973744997737,12117617480104614632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
571d238a8097e86f65395856a6f28684

SHA1
232ed67a26fdf8230c89a541f34b266afb287b11

SHA256
d28499c4c6cec9688d01f3e3c3cef6b5c285ae507030f0389491cac86b0a047a

SHA512
67a60d5fd95885fff64cc1cc92ee7dc24c9ece3be861e05211ea932fe6e22d2c41d6e32e2b2a1dc8868b86d140d8bc373ee30a282224474cca52d0f7962b91be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50de14f14d9382b433d27b47458a0b14

SHA1
72ec629a1d661815211615fe9914b431db169c48

SHA256
23aa9a3ac3d83109bbfedb6d3741051027d30b7f1f9d6e1e614f439e46513ed3

SHA512
3153b2e00d36096ce57ce207d72be0ac1d8c522e1343f443a89c85044851c33481225287958a0f6edf27c4db6de05f8954259c204da00bbaed359b1d7093afa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0d692ab775827136766151887c1a2dd

SHA1
4de7fdb882d7ef419942ba1fd3d9aa79cb98719b

SHA256
52c3d86bb31066dbe8e110ecd30379a3ba2313246ec48c257a7ff19e4e6f089e

SHA512
bfc36fa4a126334649e182600be5342f3cf5adab709e61d995357aa945bfb6717ecf7710583e1c6ae0c544e6d3ca623378701744318798417fb509a9c290149b

Download Submit