42669dd0c705fb15f4a0c66cc81c6a82bb005153d11a9123316f2d53b4770160

Analysis

max time kernel
109s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90e8d658026fa7bf9309184f0a66032d_JaffaCakes118.html
Size

22KB
MD5

90e8d658026fa7bf9309184f0a66032d
SHA1

663457d1ca9b4fd36a58237bc9ad31d48a99bd4e
SHA256

42669dd0c705fb15f4a0c66cc81c6a82bb005153d11a9123316f2d53b4770160
SHA512

cd775a2bfa33ddec592592290468f500eeca786f5ac9221ff22d68c8145bf70b4088689886c33095179454292fe88e2a7f4b4a6d6e2d7de676169e94ec2ef454
SSDEEP

384:y9ZkScK8c0uGKj+6mjZmKjFQyhVqkiRV7EQSOyBM9+V4HIbI9mCMzgCX:wkScK8mGKj+6mjZmKjFQyh9CSTrdl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2988	2524	msedge.exe	81
PID 2524 wrote to memory of 2988	2524	msedge.exe	81
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 1532	2524	msedge.exe	82
PID 2524 wrote to memory of 3320	2524	msedge.exe	83
PID 2524 wrote to memory of 3320	2524	msedge.exe	83
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84
PID 2524 wrote to memory of 2216	2524	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90e8d658026fa7bf9309184f0a66032d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff246f8,0x7ffceff24708,0x7ffceff24718
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,18070537855820366999,1224481799407022538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,18070537855820366999,1224481799407022538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,18070537855820366999,1224481799407022538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,18070537855820366999,1224481799407022538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,18070537855820366999,1224481799407022538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc8dab74ca7c0d81bffecdf0272b2033

SHA1
b85e39a4fcb4a6e46bc36daff7c1c26b116e91a6

SHA256
78e6e123d8db0838a11ff32e018aa523aa3a3a9663d8d1e2357ff1fc85b72b2c

SHA512
abb8359010b2c12b96f145b0d834104e65c0eb3b0bf2d601f0bb02e8adbc09c7ddad4a4a5872e6e45725f7d4388e0abda3634f76a9137381ea4e01cea75ff103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2618c891a3fd8c0a54c7b854b0a50e11

SHA1
9666c5e34530b4751f1d0f7138961548e75f4dbc

SHA256
2c0b75c3d0552e0a84d3f0cfc2aa650790e06182a01b2930975ac094cd6a5dc5

SHA512
d6f7ac136594372a92f181a286093815c5fd23f1abb85fee042df063a115c2b6a51104115c18d4f7db939075a2ebf5127c035b1a530f97f65ca5d6c20c9ded83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ffc750e490aaf5665bdb72a119c7661

SHA1
e177e91c4b64449e96c8496f63108849f3680f62

SHA256
2f77e2e7d58253e0c2639d25884dcdc92af66e9d2198b0817f75c8c594df9db8

SHA512
c49f0d921911e2f2d1348d9086c36d99ed5f84041372d27d23bc0eae5c1fe5976d3757c4b0389e8d796427cb088e585da4fe276c37e4646db7bea827f7c0e45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1321c0321e1e33f4714f245cb7e7f12f

SHA1
a619c2b976ae7d70dcf8f0b8de75d3c7817770dc

SHA256
c06304724f2995ef50157ea11f2303ad7177cb8ee49183a7f9b3cf6ced782469

SHA512
f97335a6c35bb002528f2949556f1088fb0f8588ffea658fee85921253f7a37cece7ff85ef64653f5e14b3b91541cd95a80c60557c77d9ad1e2650770b34c499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90acc083732bfda86d3f85957e0e259f

SHA1
f00984d72c6acf539d8c84e0a7a7d643efffd651

SHA256
3d7072cdc954d31146bd3e13c03c405a3eb65ae79ac69efbb1b5ec51e0b48e4a

SHA512
40d6e5a4839b904cad733fdcc8dee0648eb6fb49edfbaa2895e6b55e014b0c296f2ff7012480eb03380c9935e7aaccf0e9962665d142d5a16fabc9f5d7e542b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
39f5c0802592be074c47071a66ee972d

SHA1
ad8100f787ac654ad10bf7a575a0c9514e89714f

SHA256
a5d7a1b32a2e93d91063dd3ce51db9a958ef357496e757ee8270ad5d984cf060

SHA512
cd11f65856acd32387047db4cbbf27bd4cb056ad424d7a0ca93f2ecc4d19c07e9d25dd72f7bf0f0fc4e78636d15d6fc3f5280d8a5c15e6273424d20f41376f47

Download Submit