44a7806a565c48ef6f8289ac7fad1b6a12c334b902ba85ca4e6bdce6840b8e21

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97938d9eb348acd7b14a430dd9961023_JaffaCakes118.html
Size

139KB
MD5

97938d9eb348acd7b14a430dd9961023
SHA1

606ef1f456710da8ef43a628f14c3bc9617d9426
SHA256

44a7806a565c48ef6f8289ac7fad1b6a12c334b902ba85ca4e6bdce6840b8e21
SHA512

1c8876e192beebe93187fbb310a365605137ac90726f370b4e458f1b2f6f6b28d64428a14a8b0399c830f8917b830d181f80ca639a879a1bbc5f3e168a127f2b
SSDEEP

1536:STvU3bl6IyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:STWgIyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1580	msedge.exe
1580	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1604	1580	msedge.exe	81
PID 1580 wrote to memory of 1604	1580	msedge.exe	81
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 4856	1580	msedge.exe	82
PID 1580 wrote to memory of 1056	1580	msedge.exe	83
PID 1580 wrote to memory of 1056	1580	msedge.exe	83
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84
PID 1580 wrote to memory of 4760	1580	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97938d9eb348acd7b14a430dd9961023_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6458182154907984155,17780755184745458099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ed295711ecb94f02222da057a0d89c

SHA1
3a59c08d4d2d862917c6389ac3769b465840cf78

SHA256
63219657de8ae5d150650f31765e9e6b380a52d41271110084dad34403656598

SHA512
2744b71e5b66b936dc25a668e7bb32bfd416787da2f6ef38305bda71fbca5a421cb76a039aefa802112fbb2e43a26fb743e78a51f07a8073f935c51de68c1224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d6e8903e60879866f6d5888ec16ee0c

SHA1
3364965208d8853a5bb3458da198ad1c87f800be

SHA256
1ebe3e907887b9348013844aa5db4a7501b4b40781c57745e9417daf5bbbd7c8

SHA512
2abcaa816974149e627f15525d4bd9f9b6a5c8903d5f417bf9c315fe5b5f40f152e7d23077ffdb3cf680923a68b5aa872c856057cc72ee792ac0f86b47822ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
254c4957d957eba39b911157d6696e32

SHA1
64dce7f64dcb4113b65e305e1e3087c88a94f6fc

SHA256
af29df3a2b3092b551db4058a7de25a3297da6fc3f0ab25c77c210b3bee1fd4f

SHA512
b041ecd0b8aa4137dd3a29078d6b64065c8c5369ca2ed60232580616ecc8bdde08b28c4d4fc020f9364d3e0d53cd45371ad0d7c92326340107d0c34d95a6e92f

Download Submit