9262d57e11622f04dd50ecb3e807fdf951e08080be31af4f3a227b5ae030fc79

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8936c7a300148bc09976440c1853d9f7_JaffaCakes118.html
Size

17KB
MD5

8936c7a300148bc09976440c1853d9f7
SHA1

7f1904e287cc754e6fac5e6a275790e3a1482765
SHA256

9262d57e11622f04dd50ecb3e807fdf951e08080be31af4f3a227b5ae030fc79
SHA512

4aab29e9ed60a1e6b6fc8df5985fa04487dd804e74b5d61c3a7ba1e98b60c71621d35023e91cfbc6a2bc8a061401bfc4fda18b742660f7f28e5a66b28aa03436
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIS4szUnjBhoS82qDB8:SIMd0I5nvHHsvohxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
1528	msedge.exe
1528	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe
1528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3996	1528	msedge.exe	84
PID 1528 wrote to memory of 3996	1528	msedge.exe	84
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 1436	1528	msedge.exe	85
PID 1528 wrote to memory of 3464	1528	msedge.exe	86
PID 1528 wrote to memory of 3464	1528	msedge.exe	86
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87
PID 1528 wrote to memory of 3800	1528	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8936c7a300148bc09976440c1853d9f7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c44718
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5924225351540796555,10456250467895668070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b377f897de522672e503ee48ccb3ebbb

SHA1
c846407966326d4815b8a59a0f05bded0c14c078

SHA256
18319993a6447ab2ac6e8fd104376ce56b630b7ec45204c0a7a2192edee33d92

SHA512
4e68e18f64866445042e755b54a253746174fe769fa5b70736255e9678b7323cf9e826320c897bf0063f24639f95353a1f5f1cd33ab623bfa2506111ab3bcce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2864f5ec6bca411e799c5e6229a84355

SHA1
83633c5493b281344778f4de8fae088b8cf859a2

SHA256
43c90db5660a1b1d19ee82559b336255dc801e8af3a18cc307f1ff542054ad99

SHA512
a57456818a057dc1c8d9c9aff30f727784bdd318910b5919fc865ee72d004bc3c98cc2521a02ae34a2394cba111a67296c60d80553e51673e25f60019de9d7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b15fad3707dc5a1020221c29da930f44

SHA1
db5e4b351aa6369778e5c82fd383a30278d36ed6

SHA256
56d9875b10812b1de2aed08674130e6b8ca9db2e49a3ce6ca4ccdc61448f0b25

SHA512
5c835bcff76383f32345d0ebbff1aafbd5128b67b65ff6d1b9efd302fad29a84e3f4f48d195e4a8ce905d34a5661de692732a6065c47518a434e0a08c5f8bdfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e72bdd2f8b96d7dd90605fd2319fa394

SHA1
45e1020465cbaa2d918d7e7fdb555af14ab84ffe

SHA256
0a592b00a9fd4723a064586e732766b0a0f48127bf9999ca78191bfd3bb893eb

SHA512
97d9920988aeb9b43ad14526566edec2b4b6247ea49cef68d678d2ebd3ebc3e432850c75bb03a138c623db151a45cf931efe56d2b9ddd474e20ca58fa5545521

Download Submit