43574a17880632cac4d487f262b9eb331a72cc0fad93da058a6e670a231e3056

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 12:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a746c3915379133a5bafb393aab86d4_JaffaCakes118.html
Size

221KB
MD5

8a746c3915379133a5bafb393aab86d4
SHA1

6b3289b00478450ec46768f9212db88c797d2b46
SHA256

43574a17880632cac4d487f262b9eb331a72cc0fad93da058a6e670a231e3056
SHA512

56ff6d12d3438b1177b68833c0ab863b66004a328c4fd395659c9ec0206a1ed421d85e6f4e06028b216e19650d4b98d0d0cd0ffc96b63464b2d5b71b23138286
SSDEEP

3072:Sw5MmhXOG1udyfkMY+BES09JXAnyrZalI+YQ:SwbpvsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
2940	msedge.exe
2940	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 1828	2940	msedge.exe	82
PID 2940 wrote to memory of 1828	2940	msedge.exe	82
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4732	2940	msedge.exe	83
PID 2940 wrote to memory of 4688	2940	msedge.exe	84
PID 2940 wrote to memory of 4688	2940	msedge.exe	84
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85
PID 2940 wrote to memory of 1580	2940	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8a746c3915379133a5bafb393aab86d4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,13243425809061492014,15538850784848697054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2099e5335e0eea01f49a4442cd26e439

SHA1
c15bd15d35e6983bf0123ea8f9f222b4af921399

SHA256
fe8dc1213374204873c7cd7deaded00fda6e361aab04548af16535ab2fb4af24

SHA512
88182a1a1eb76a9ddea5dd863e6618693d28abc6081911bdab2f993ccdeace0ccbd48c78fa74f694198aba464125172e2ee546deafa7d21c80def5f7a7cfffab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c987ed7ecf87922cc09d9c4f1a1c0891

SHA1
73e2af900959ec68cf2bdf759f38d1b530ee69c0

SHA256
3056771a824f33f3c5ca8a8538ef0a0b726d909945796e5e7302ce34bfe80c5f

SHA512
ba845b471427de8f3dffb8ffe131ae3634f7e9b6d3af477f4025de606f5611e72db05b76062bf5dc3ff6bbe69f4e204f08898f203aa5d31433b0cf8d821ec8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e92f195e9186ae1184ec6dfb3cd3a393

SHA1
e68ab78abd1c38d0349d27c3feabbfd3a56c67e7

SHA256
d33c5b0c0ea086b861a0ab4221ba34944eca4f663abe73db83a4888c09ef3949

SHA512
14a0bc93b36c5a8d6ae91f8fadbb923411ec2ae683305259b91f7c5a9a0d6c09ca1368385574453756b3d68ca665071ed09927c7851f9ec2e5fc5387311cb11a

Download Submit