d11331acdf885e047f1b4e9f9bdd915077310e6fece20a2b1eafea40a496da3c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8906daf8fd69d64011720bf7429a0c68_JaffaCakes118.html
Size

258KB
MD5

8906daf8fd69d64011720bf7429a0c68
SHA1

2d82d913865a5e971738a83c37859ef3e57901ca
SHA256

d11331acdf885e047f1b4e9f9bdd915077310e6fece20a2b1eafea40a496da3c
SHA512

e16d1a3c184d3400f086848fbb5e4f3ad2374597abaaac8ba569460855404260c1c210a8c0f51424a42dbdb6e09c971e8c402253587f609362c591f6efdce16a
SSDEEP

3072:OKySUvAg4rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:6SCgz9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
3624	msedge.exe
3624	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 2748	3624	msedge.exe	81
PID 3624 wrote to memory of 2748	3624	msedge.exe	81
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 3340	3624	msedge.exe	82
PID 3624 wrote to memory of 1636	3624	msedge.exe	83
PID 3624 wrote to memory of 1636	3624	msedge.exe	83
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84
PID 3624 wrote to memory of 2512	3624	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8906daf8fd69d64011720bf7429a0c68_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83e1046f8,0x7ff83e104708,0x7ff83e104718
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9853855033047208363,2545509337997265053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
757B

MD5
be1cf44bd9b78f55f7cb01ac251419a4

SHA1
83b16cbca7d8db5f968c42d0b7cadcc109bfe431

SHA256
b4edb1b1ccff5a0c9da249533cba9ccc2ddb7229067d5ddb367b805d6e2edbc1

SHA512
39e21934e0923d32767feac585641b020e8a10f03e1d2bd9f3d39e18580c95e4e3653d60f337ea057bea38190ce7651b0a63dc17ec74870502ae489d3fbb009d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f6afc6f01d6a86f4436ab0d52ec97e6

SHA1
ae8efc1db9c5b28267a586e0e779a08b5cc2e298

SHA256
0ea4bf23d825c3821c4c2342640809ac45002039635396680bd058b495f523bc

SHA512
1f1f81986621fadc2b802426c150b1ddb5eb1fcd1d939ec57fb1f808db318501f368083f13f8906ed879b6f36084aceb4d307d18d8b216dc048515b9ac2aa9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79b636084174fe792cdbf93fe0e6cc34

SHA1
3f0a58cd3c06b254e3f6526d5fcfdf97fdc4a711

SHA256
c265714977c0ea1e86a84e47a696837fdae9d7ce88168a27fb469f521afc7796

SHA512
f20f47ffb406a8c829259afda0f9e06b3484f3aa4c90e4ade3eb3e36a39e6a1e31655a2e26e0263ffd8da8ab5d18206e122adbdc09692a0f78735b7d7de442c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af44c4e9ffc74939a4ede66cfa7993a1

SHA1
e214af2fc4d04ff7ce06203e4812b59f462bcc9d

SHA256
44fc5eddd71a41383d98c4b6e2890c9c8a9122b3f9d53ca2651cc17f783d7d76

SHA512
1140008d481c8000fc35d4cf10bb93048ef3e9add72cc267fa1ed9f3a217ab24b8cb94c7b19fe20562bca96709fab09dd49cb05a540a26325efa379058c2bad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dcf69310593e268df52032d6d8a62aee

SHA1
21f682d51bebefb7e923143f27158b139f6e09f8

SHA256
140da37a52eb042575ffcb4846d4f3998e4819c7943758f99dcd26cb4ee0575e

SHA512
0831c6add55e9a9fc13af2b92059c7a679ec5a360d0558be439c534b52731d582954913e83906349e93eb771db3246e6bc4efa0475b817c6cb025b698b4571c1

Download Submit