38e051091e455b1c35e025a8a01cc30f066ea6c38d0ca7882b677a54e3292482

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html
Size

71KB
MD5

91ec3d99a84a6b51da5d439b819dbd1b
SHA1

24670b81192bfcfc90dbebbcf3fbb7b38b5ddcb2
SHA256

38e051091e455b1c35e025a8a01cc30f066ea6c38d0ca7882b677a54e3292482
SHA512

ced8fe4f13c9ece824041b006bd400942ab36d5d0dea182f911039c7bd761f743618e2fc90d62d9b77c1a06e3f4c0c57c0b85618a1e368b88997055e58e831f1
SSDEEP

1536:QvQNaBUtftQrpQLg56sWvE2fS/FkcvN45z:QvQwB5rpz56hmFkcvN45z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
3456	msedge.exe
3456	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4196	4424	msedge.exe	84
PID 4424 wrote to memory of 4196	4424	msedge.exe	84
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 4396	4424	msedge.exe	85
PID 4424 wrote to memory of 3456	4424	msedge.exe	86
PID 4424 wrote to memory of 3456	4424	msedge.exe	86
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87
PID 4424 wrote to memory of 3736	4424	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06ac46f8,0x7ffc06ac4708,0x7ffc06ac4718
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0bd12cf2-ad8a-4878-b2c9-c69ae8247503.tmp

Filesize
11KB

MD5
086343e379ed4a6e9dec849728176e98

SHA1
9b944f31842553b605e207954d10b3c42ce5f9af

SHA256
f17b1300d532bccbc0f8d9aea0bd0afa1c381239bc53b033be8563ebca82e5a5

SHA512
5e72d3bbcdba0fd7ed6a3cba5386da3b0396d378bddbdf9e2ad8c4b0846f3b43d17a0b60842eba70d485822466e3a44cc7ac014e23a2f9c9fa5336a3982181a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0104035a3a6ef09623a742cf3dff51ff

SHA1
e51ea12c0e119dd18b00135c508459cd344a6d7e

SHA256
5726f66e010836a011adda4c1bf282300cffc3b180c4b5c18d40b57478f6c3ac

SHA512
f6f34680ff016d75ab9e5f93d2628a1df020a4a2f14a2ec6afca342460b57e5b33519b0ad369a96a30b05cb9b3c5d457d3aa6c82f05ddae2007a8ad974fcf9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aeb01eb0405cd717bbedee6d0a3180c4

SHA1
278ba0b9bbc757dc0480f394abca7c2c6067e6ce

SHA256
fb96a2f17aefa53f53f1131522a98973e3c5af9043d1572b5738afb43436b2e3

SHA512
af10c2efe93f22bdcf5c0b9d21d682d7ea6e68207398e990fa56b7de3a6a094d4becf1d4888549271c6f831d6e9c0499c7e70ed0ffeddcbc0ee3c3ffa74f2fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18533bfea1ef76c90908354fe49a1670

SHA1
4f34d6a32f686a2a1472f50473a05472b53be3ac

SHA256
ba34df0d2a96afd7095947ffff6288607669a4f404b199e387d6f1d09762e0a2

SHA512
d3214d72fea308c56eb0539e1c5e4ffe674871dee047cb23890f42b42d052b9e7d3286f6ec354c4b48ea8154e55daffea1ef1108b93010c9143612436a67fbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3832dcc3fad94b089c3e8093f99bbebf

SHA1
a1a5291bc6f7bd1cc93b0058f74f6219cae68586

SHA256
cc57f9d4f12133e967af956360e485543d2171ee8d4cd1c82a4d0f49aabd37d0

SHA512
9ca6c0cb8492654a6c8f556e083e01b012655f3c4744a872d2be34f024ad98d355732aa94c14040d12dc0e33a8eec60b4cecd21f6ae292b45175d90922f0db95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5f0.TMP

Filesize
203B

MD5
db08c6eabad6cd469d39e864ee5ba737

SHA1
61b2fd4b99991ffb5c33c498c5c7d5357ef01601

SHA256
a5a0f3535a58cabb960d65dacc4f5647d5728deb6cd389f343606033809ddb8d

SHA512
71f4b101aa11be4ebd203467b53dfa3e5cf37f257400adc85f47c0c9844e44711639f78f5d0ad301e16afa9fddee08a12a84e9915e6f58508591344ba3291a4a

Download Submit