428aca87d5492e902ee9a35dc36e70b5fc203ec72b3e748258c3efc60cbe3f50

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 05:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

90a473adda84a2e2bc1165c2517c1bf3_JaffaCakes118.html
Size

214KB
MD5

90a473adda84a2e2bc1165c2517c1bf3
SHA1

0cd4a60de3a9cd29fea31311786ac9840aed2b30
SHA256

428aca87d5492e902ee9a35dc36e70b5fc203ec72b3e748258c3efc60cbe3f50
SHA512

f5ed8de41cf767f0c654d8c64527b150c67ceeb2d5ad3e3cf5969e4edcf4f74eb76a1a2c326a578f56655c9945209db306df9442743f18eceb4160aaac4be509
SSDEEP

3072:5rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJp:9z9VxLY7iAVLTBQJlp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
2720	msedge.exe
2720	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4548	2720	msedge.exe	84
PID 2720 wrote to memory of 4548	2720	msedge.exe	84
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 2728	2720	msedge.exe	85
PID 2720 wrote to memory of 3284	2720	msedge.exe	86
PID 2720 wrote to memory of 3284	2720	msedge.exe	86
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87
PID 2720 wrote to memory of 1208	2720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90a473adda84a2e2bc1165c2517c1bf3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,6915463762541076735,3185401108959649830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64d63234e290e16e91420133bdd5a5cb

SHA1
09fdbac4e55ff86aa0272334786384161c9e517a

SHA256
ed3551361d7b1a2d3fcd41290ca1c4741c41f37d8ca95a93d4ff34ce0147c55c

SHA512
1f1c2c5e877d8789254bb5dd8e3c213d73e2859028af62a4707b9a9f0467ee8ad177720af5cae0f2c6a79c996d6c2175fab4e4df402bbf3a5f6a7329b9c794fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52e989a80ad78f0c22054a35b91c81aa

SHA1
f840acf6e468cb44ef0b508c507ecb4f6f0998c2

SHA256
311cde022b67b0fbadeeda3fcdc916295c71b08a1493428596d5dbdacab57b96

SHA512
9acec477e66f10a20868a6c450bf08a1df0cd3eafcdb26d14a6048b2087e0550b76f3343d305f45e68c29405c257b0bcb4c6b25a0a781870d181d01a85b8b00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
378a2a2b8a3dd1f4a14dea3c2b515e63

SHA1
9389ba0670c37f76eeb635d0c6c601809a4e9e21

SHA256
52768a757575fa306d307529f44931bd680cb10389447c3643503982f3c59025

SHA512
c65184b74faed332cea597b476380ce8975f5d297412a2facdc6418884dc1d009fd8ac1180ea78f1e15fe2b252dab1ee8867d72ff9aea7a875ca7fa3d65a0a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bbc17acc19b09408ae0a481946e486d8

SHA1
fe4cd252ed4286ad46e63d398aaabd55821ad812

SHA256
4598e6bb64d63af78a6548012035936059ece73838e45356027961c62f01bfe4

SHA512
d269c74d8e82b16fee05d37a436cd11462c71db5f8e9c1c4793fab383acf6c7039ff644db3d3125797e2f89c56ef994b88ad8c1d97f68f567cda9a3481f627ac

Download Submit