1bff8f17dba0818d6cc5d82fbe5c934a5b1e94747aaceb2458a4d35a881ca2da

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98fad12d321809b6d1580ac705a9506f_JaffaCakes118.html
Size

70KB
MD5

98fad12d321809b6d1580ac705a9506f
SHA1

1380bbc7b2bc82e8400b663d84cdf64ceb766fef
SHA256

1bff8f17dba0818d6cc5d82fbe5c934a5b1e94747aaceb2458a4d35a881ca2da
SHA512

11a9bbee7e437a77c4a84b6dcb8f8b50941049c4e2b6bb687707bf4665760a3f7375928cf581e682533927f73b4e15bb40eaffa8256db162df450b4308888c9d
SSDEEP

1536:YgiPhauu37Y6yXAcSb53f6afU/cdNoeVUDDk8NJKRtNrXPNo:YgHuq3GANfUkyNgtNrXPNo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
3308	msedge.exe
3308	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 1872	3308	msedge.exe	82
PID 3308 wrote to memory of 1872	3308	msedge.exe	82
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 4640	3308	msedge.exe	83
PID 3308 wrote to memory of 1748	3308	msedge.exe	84
PID 3308 wrote to memory of 1748	3308	msedge.exe	84
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85
PID 3308 wrote to memory of 2796	3308	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\98fad12d321809b6d1580ac705a9506f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1797738644535232212,13206377492028522172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
967958b909be38bc038026780ba68702

SHA1
9d1ebd4ccee3b99aa814efcbcf17861cf23e0059

SHA256
06bdcdd2dbffe958280be2bd8a2b384ede1be771545cbfb96a9f567b6b0d8824

SHA512
d403134fc0255fe53464914d17a0aac620ebe39255716db9897bfbf073702466f95af60bcff1da82c621aa7d92070b896eaf5da06706dd682d5064f4d3f8ac2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64b0aa102fc1bbbf24eba9220486e702

SHA1
9112977b29d7539f85e3ab1c95bd2c8c753215c4

SHA256
f93ef668dbe08fa32770a1adb935f6aecb0b6ec90a40c0a7ed1c086a58e8b264

SHA512
09f8a54befdb852e6adcff5f8ae30a99d912ec8308c29d4135219b6047c6e773f9d0b6af7093ffdb47b298c3e445d0259ec9d7c47741e2518d16b34c0b1ce604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dca95c9bce5ed4c0c3a50807d2b9f4d

SHA1
4c973cc10f3f760ce65c4fc0a3c1ecc64abde928

SHA256
98ca96b627a39589f315479cf6901876153b943a31aa42eba2e712a8b0e20e11

SHA512
8e60aee438c717d962176e60b5c18969b7a55d46b2f4aede5ffa11214c93486dedcf0a02fc5ca589071ecc648d5aa527bbd6c8e43463730a230318fb443689a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6a5849131a56bfdd149aae4374606c3

SHA1
4c0fa1f9352fd45acd96287c82a00494c5bd3fed

SHA256
0bf99f9ce2ef58509a638d067ade0abbf5658aba529c4a7d33bafd36631da4f3

SHA512
3894da249b36892c0fb7bb2e79a66fb698e9bebe7894153646d699972922846a3c48d01d0382bbe341284b27077a284e17ec6461f9551ac62dda7b523fef55d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
db720aae57e5bd4fab9ef1ad1cd73bb7

SHA1
14fef4672d5bcd21f82cac45f5f8c69de01091f4

SHA256
e70fce74078a283cf684cd21c54059e389734c7a748035791f6ba677dde7a3fc

SHA512
1d8b94c62666d87549ab200cb80feffec41e502a6e59411d14e54996c6b4518ff0f08e081effaf94601fa779889f75a1245e3d231ccb7dc4db19e23b6c8221e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c081.TMP

Filesize
370B

MD5
32964ddcf3ebdc8a2fb9291f90bab083

SHA1
7246a4f0c835c31028a97870df84e70384241361

SHA256
b8c638f2e2921dedec0c8263820eff04e5e2dc91ee7d4ff3b5e33f0a5e8eeaa2

SHA512
980202016e6dda50dc72300e1ff695461a38dd9547b557d26127656e0447e619623e53c9a86f9356193215348ed0ed2387b495e51afae0939a4615377217f6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7cf91b58d38a44baa49a10875c0990ea

SHA1
64911f921dccb07f2fd27893ad66036d60472419

SHA256
9c9ae7a3ccf5292dcba70ec67a9702c590731f709e5689c26eaa15210a352cec

SHA512
c3ec2f0d6a47739abc515a7b2fc0296c487649e9452629e96dc380c5876f8aa5f6515ae946942982568a2fe4b231330e673d4d29d96254b3c5187b64028a21cd

Download Submit