be35ef0d1ad44f600485971eb021f6d6b26b4043d1f75684c977649a019c96be

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cd97f99539badbb71644f12ba3037b2_JaffaCakes118.html
Size

54KB
MD5

7cd97f99539badbb71644f12ba3037b2
SHA1

95dc83b49c0d825448359e07b658ffa4730f9f35
SHA256

be35ef0d1ad44f600485971eb021f6d6b26b4043d1f75684c977649a019c96be
SHA512

5768663ceeefe157352fcdde6e7a8e5498a99924972fb83efda7a3a3882c9be3b335ab3be5b1da4e999ad88d013902ceac33546910168a632d356e3a48e50f3e
SSDEEP

1536:Jpp8eMSm4bzyN7OZEs5tXayG6BOOv4/Z/ooZs:uSm4bzyN7OZEs7FG6BOOv4/RooZs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
2008	msedge.exe
2008	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1812	2008	msedge.exe	82
PID 2008 wrote to memory of 1812	2008	msedge.exe	82
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 1456	2008	msedge.exe	83
PID 2008 wrote to memory of 3492	2008	msedge.exe	84
PID 2008 wrote to memory of 3492	2008	msedge.exe	84
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85
PID 2008 wrote to memory of 904	2008	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7cd97f99539badbb71644f12ba3037b2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e0146f8,0x7ffe8e014708,0x7ffe8e014718
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4746587860955661385,6118718725118084468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3253cdbbb4a0c9e5e3c082e1c1168df

SHA1
239b96bf831aa4796c9ca9f6d695af52a9900c3d

SHA256
80539e54f548469e256f22f400d354c681dd80e73a588f9337d36c98c8f460b1

SHA512
ca0e71d7bbaa25d72699910517cdece9d69c94e1b835f021571a924add30e8452da8733c93b39924d534304b6758f271d462f8c30bbef7e81cec3fdfa5fea667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d04eda5533f598206511542b9fa575a

SHA1
20e6a2a20d9d99856303da67bae3620a5f8c3e01

SHA256
3d87f347aea12bad8dec61b735a48ed7c9dfb2b711802c3b2b027fad15e86899

SHA512
28657325fa0ef8f4e87dce31cd87e6de53f2d35d2e689e8026668b54ee71bbd31acaf76d555d4c3774c8210063a159a1f19d49f8633bae15dd1127ad0934d8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50ad420695892696c4c70add28769d12

SHA1
57c9ce3356002b7cd79eb032267327339f28b221

SHA256
0afe22326be803657c5c0b83aa56f1d528429d4db41fe0a7204c70e6fa8c4e3c

SHA512
cd01cf29f2c0910be8e6ec463e25ecdc2079a381cd74480f04aca46920ad59775dd29cdec998feb392564cda80f21fa01c0959af0c635158a6109f3e49bfd973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fde27bf7bbad5c8c1f5edb8c39270f4

SHA1
d75e5dcb266fce8a413ff4d4b4f6ab97ff46699c

SHA256
67edd48708e3cf71dceefe3a42ff18e467580983d6076890ff1d43461fa7c6cc

SHA512
100d1135378f30bb82d5a0a021147b052be8f3e2b1fdcead18736de27efa3f13772db4778edf9d4188238fab866aff938df095e00df1add45d4527c5bc6b98c1

Download Submit