d00869501eb1e14fec12212854c230178579a5becc5c638e037a257d381a3de9

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b84689337c7b1c59370580c75687507_JaffaCakes118.html
Size

220KB
MD5

8b84689337c7b1c59370580c75687507
SHA1

54b1d6f84ae68c39db1d984e0d011839d49cddc9
SHA256

d00869501eb1e14fec12212854c230178579a5becc5c638e037a257d381a3de9
SHA512

02e151326e8567f66b017ae85f2550eec5b160887c805b9734473b922281abc6dc51d95292cc58fe93ba4b2a47095c51de343a87f674808311ee42caa7aba7c9
SSDEEP

3072:SpfuLo33ajrC4USyfkMY+BES09JXAnyrZalI+YQ:Sp+OoXSsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
3476	msedge.exe
3476	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 5000	3476	msedge.exe	81
PID 3476 wrote to memory of 5000	3476	msedge.exe	81
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 2576	3476	msedge.exe	82
PID 3476 wrote to memory of 4196	3476	msedge.exe	83
PID 3476 wrote to memory of 4196	3476	msedge.exe	83
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84
PID 3476 wrote to memory of 3820	3476	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b84689337c7b1c59370580c75687507_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5869177199347206358,2294637928227580945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1466c62a8e53699cb8c120cc3616cde2

SHA1
430b39c4c65969fe3db0f6147cc35585eeea2aa0

SHA256
1d9139474f482078cb54c793796ce1b338fbea74f355a78e1d9c849ddacbe313

SHA512
d13ca6ca6fb512478f5a22a8bbb83b74bde7c6c7ce131b434c1e9bc19d255cb66cc645cb5648986cfef59380ed6e324ac431a0154000bb8a2a38c2633895fa92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9078a7e0c6ab2c742d8e250ec5c35f8c

SHA1
f9b710df095732feed09bb58b3e280f553e0a9ba

SHA256
7cd5a36254be9862aa75cfd5db131a5b4cdb62cf75afc7fd729f735a0bc6d66f

SHA512
7b5981b0c6bae9325164f90a3425cb78fea532cfad86053787be626a61d40f34ad6e4b2b7ac63e4ecd27b033e683baca26602ca79f576b005bdbe41771cec2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8dbbf81fda9d0ff5ecbb0c7ee0221f5a

SHA1
a2b934011951225e00b307b1977fcba6a73c309e

SHA256
f334b1d2e20e414f76504bb5a9a6d978937fd5fec786e6f6064cdaa6b869ce13

SHA512
02e9a3b033e2f5845342b3771832103871f9d38330421c8e5bf734be9e963187786da6dc504ad294848d53c61f9769090786a4a3ecac819754838f4a7588ffe0

Download Submit