f190fa4aba4d424f2332c11937619baabdbdc208f290133e4222a9f556e6a2c2

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

950a827b251f42ab1221ec3833b25481_JaffaCakes118.html
Size

139KB
MD5

950a827b251f42ab1221ec3833b25481
SHA1

5a480b5c6325dabce23df7343c0e3b8c02734a9b
SHA256

f190fa4aba4d424f2332c11937619baabdbdc208f290133e4222a9f556e6a2c2
SHA512

53fdbc2ad5da29d1480de8a6b24a1c0d5c469bcb659f8b2fdbee565538933a19513ed2cb132147fa29983cdea2ce02fdfdd2f341683c3bdd41e36b9c3e1a3950
SSDEEP

1536:SaOPcmgm49lucyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SaOjP4OcyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1456	msedge.exe
1456	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4856	1456	msedge.exe	81
PID 1456 wrote to memory of 4856	1456	msedge.exe	81
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 2440	1456	msedge.exe	82
PID 1456 wrote to memory of 1208	1456	msedge.exe	83
PID 1456 wrote to memory of 1208	1456	msedge.exe	83
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84
PID 1456 wrote to memory of 3704	1456	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\950a827b251f42ab1221ec3833b25481_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe24a846f8,0x7ffe24a84708,0x7ffe24a84718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12317054008041967206,4117447544933005328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2dfbbc07672eb6f95b2ef7d759addb3

SHA1
73b9c4359edadc886d32908fcd67034cbe0d80a3

SHA256
1d846bc718fc0db6d341d11898dd91ff5860ea5bd78542fcd47537d9433edf31

SHA512
bddac24d133d1b07358ae67ccb1bb253af4ab837aef003671d6cd5f1ce68bc1bfb4d2dcc837b07d7106dd304092ceec991196e23aea13b6e97c625e70fdad918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99c64781127d74321945b148213b4c69

SHA1
7a05f579d73d1885d8ad9b39e7aae05f66d908c3

SHA256
eb7714e7820b2d21965b325b40b7259b89b1a65d4e98ed910498bd82a9e26d69

SHA512
61a0105bc13ec9066b9f69b86544d19bf60a9600e6cf718e09d0af3467c90839900fb0db98b60ac5475ec34f9c922ce25a1112a93224ce3e4702c3f7e26bea2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbacd8d07bead5a31e8c907f9bb030e3

SHA1
376f3c51435c68fe082b1a112eb7fff8118ca853

SHA256
81e3a1e7c3b63ba3aba19e8f4928bd5c48ae836bbbb8630c1793140936dcc9ac

SHA512
94fc8e46d7bf905ed939b134c3d55f5e35f7ec9b3b874930e2e71fa290569cb440186f7953dc9f4def7e30cb132e36712c78c816da7515bfc7517eeb8732ddd8

Download Submit