37070911c269089c9a982619315d14ce92766deca5f1a8854d188fd98c62ddf2

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

912fbf53f497c674a50929818760eb72_JaffaCakes118.html
Size

266KB
MD5

912fbf53f497c674a50929818760eb72
SHA1

8a2c234deaf65435e3c744125b3d5856ed4e286a
SHA256

37070911c269089c9a982619315d14ce92766deca5f1a8854d188fd98c62ddf2
SHA512

cff319f46aaf24abe75287645df3a7d14b2f55308efd6ea45f5cfadb8710d6a00c48545b0c56e565aecb33b4e111bbf926c4903807162c941b015e503baee0a9
SSDEEP

3072:vLoeMe4v42Qw1uf2fVMf1l4y8eDEXj5o3oOW2ItvPbK:vLoeMeD2Rcuxjh2II

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
3032	msedge.exe
3032	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1720	3032	msedge.exe	84
PID 3032 wrote to memory of 1720	3032	msedge.exe	84
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 4416	3032	msedge.exe	85
PID 3032 wrote to memory of 2408	3032	msedge.exe	86
PID 3032 wrote to memory of 2408	3032	msedge.exe	86
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87
PID 3032 wrote to memory of 900	3032	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912fbf53f497c674a50929818760eb72_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c7fa6374717337e4a7f7f5ef11d71d44

SHA1
5aab37129ae2c7936874b20193a41baa081a74f9

SHA256
71a5e5788d7acbdbeb3d7ced418566cc2d4e1c09ae6b499bd2b54fd89d2095f3

SHA512
12afd6b7c41092ec6fd5474f04204605d6574c9e8bccc1818733e2f712a1e4c17d5a1609185dfe187d97fb7a6c3bf32f29cb15ea88945d5ff10f59d111ecda94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6b6a4307ab718162caf373ee51ec2f5

SHA1
07310edde350199f8fa3475c67836a2541708d79

SHA256
4118bf8921013a348fabc177a43c27b8fd601fb9c6a0917e7b919e869758542d

SHA512
d0be5f3942f8ba9216082449e3a5df43a15972eb3f88555a079f8a1ac62b600b0df442746d87e24ffdb07e2ed639b6dca5b3d72cc585a7f3e060ea186591c97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7f5c48b77c7beeaa53bd8a37ed584fa

SHA1
c7ce57cb9578a8733c287fd81be27ca5c254093b

SHA256
03b2fcede541ce370c1310b863fed10eadfb33a7dea3658bdc0f0ac7d5edaff9

SHA512
b5f21a7daaab95066b3bc02185066bf968c47a9366c0f485c698ff98da5c387a53cf02c3ed33c78b0a01671bc42f4e800224d0bbb33a2e3cdfdaa970629c461b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
a6bb3015d99a6c950e308d6d029dba02

SHA1
a27b92f222420e4b1ec04b8d80cb67b13464c73b

SHA256
e983c220bcb358bce41401166f93d5b88eecf73092b6370dadc26a6fea16586f

SHA512
0e6e944750a2fe64a1b0f8586f50bf0a26de995e634c80c249beb9618771f66160539d00e6cd9227a6c1a16ab1eacd185675174004ab286fea4e765977fbbeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb2f.TMP

Filesize
201B

MD5
c5e225d7479508b6a0663d138f850391

SHA1
d49be507331abd2d4972594db988174c4441783f

SHA256
6219d6f26663c888a5b22cdb1b01ea45902e0fab251843a7d72893573792bd90

SHA512
0e2379f72faac45907720734c31588d3a54dbcff4f52e9ad9d69c6bd2377a7c1a280b16a9919c52f614f8552ed24fa1b93b731cce584b6eb8c013231f0208ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d04a1f46d7e4d7b4e21575208f9a272

SHA1
f43986541db3c6a86d1544e0c78a5b4b0f192b77

SHA256
4dde24f4407d7758a6f972cf6d5b34879d1a9b3cbd0832a1bd1cd3fa0834455e

SHA512
cb483ca0cfc91fafaae6c734b6a3ecb28198f3520030b1447cd2a4384e3c290ea40c2f96d6b1b8085d5fe49866aa7901fadc8e3a8a7eecca4c621c3debf8b75f

Download Submit