421f974fe17cff0125ed186c201fd0f00e757c105e8140afc34153045c86236f

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97a53486ef5c0c48d73cba0203794002_JaffaCakes118.html
Size

74KB
MD5

97a53486ef5c0c48d73cba0203794002
SHA1

504f41b81cf81fe665831063dee62a11c2c4e9fb
SHA256

421f974fe17cff0125ed186c201fd0f00e757c105e8140afc34153045c86236f
SHA512

0a87daf893ebb5bed2a8143d5810f8ce8b6ec812c4eb6eaac432e54fb2f08018606d3187dfeca5d66b6a1479d2eeaad36e3770df872fb191168c7aeb620b6afd
SSDEEP

1536:eSNv4yJnuu4F2k2vsKAt7+4O/k/M/x/d/w/f/n/Z/V/B///LhCUjv6CsB5kMl/bb:eoaF2k2khx6CsTZ9fvKM1/F

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
968	msedge.exe
968	msedge.exe
2136	msedge.exe
2136	msedge.exe
3584	identity_helper.exe
3584	identity_helper.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1020	968	msedge.exe	83
PID 968 wrote to memory of 1020	968	msedge.exe	83
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 956	968	msedge.exe	84
PID 968 wrote to memory of 436	968	msedge.exe	85
PID 968 wrote to memory of 436	968	msedge.exe	85
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86
PID 968 wrote to memory of 1936	968	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97a53486ef5c0c48d73cba0203794002_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13317406430856512661,5068105053924026776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a6f6ad12f5469e90b39218c4d96d67bc

SHA1
44dcc3b8e859e8b43cab027b5e4b2f0d2fd25ccf

SHA256
1d2680aa6137dea485659737a1e953697231a988d03b4a4673e1f1be7b187b95

SHA512
dd23f349fda0520821464b2865b3f92443f26ddf8f043a105bd2192efa17179a142f732ca8d78a48ff03a8a4c140a6d9d50e53c887922f4f45193229b72b3223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95abace9a38b78aa332dd69a0dd28dbc

SHA1
762828dc5dc64f31f72934d0ddc27fe51edfbfae

SHA256
c618866fa0bbd88279196e3f65e4b15d36b59d73c42e42fccafed3a9e9d4ac9d

SHA512
e2536d612a6e985427a1e705e575c00710e93111343b1a1eb2ff26a31483457837246211af927fa21068c950a91618656c72b8dfe95bbfbb360d83ddd62af19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b24dc180d02bc0ffd430c6536bb735d2

SHA1
087b5fcaaa9f5fff23dad5d92d7e13157bafd609

SHA256
bfc28dd51e4156a5b00236b131df1ccf60c201f4217fee3da3966ab4e7a96e71

SHA512
40cc8a458ba3cc29b0df3aee0ad2254a92035e1424530ac4ffe0ff8a008d2433d760b8c38bef543389bba206a719fe7c08c87086d315926dacee9fb8ba12cb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba454b9b70a092ab054d5f91440ef059

SHA1
12733e641630f852ee8b761bb116c7a1c58b516d

SHA256
2d7f3bc4c122b1356d5f47f9a7dabfcfe130bba1d75d7370dd9bfa7723984561

SHA512
a36d085ff295f54dc09760caf3508866927df73fb9cc4c610025422f702bef6ea20aced80f56e409b82a396e737e3dca2f37c4998ed3719a2fa136411316dcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
258572a021f13157f9eb0007f57d564a

SHA1
507156d2770cd5f00e5f14456bf98f15ef25a537

SHA256
63166f25ef239b794de43ffc43b09c435b10c2053365dd93110286eb9567d83b

SHA512
2a4cd15cbb7bd5f162b1f690496c5638bd925bac0dee244c45ace1f0b9afb79d7aa376a7bbca690356e51d7bf7df0d8b865b9c06b8fc417805148752426206b8

Download Submit