f91f1246c75343f1b3a0cbe162599e2a5883d1ea07065a9e791d6f7be5859e7e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99006f38f1406e8d8fd4c558340d0e61_JaffaCakes118.html
Size

138KB
MD5

99006f38f1406e8d8fd4c558340d0e61
SHA1

3dfc45a56d6f5471f3166f7fe1fc60038d292102
SHA256

f91f1246c75343f1b3a0cbe162599e2a5883d1ea07065a9e791d6f7be5859e7e
SHA512

3c26038558d765c4b9a61253af502fd8f2159b9478e1af3ed283bb869a7a295feb2e75e20d6420548f9edb020eb94feacead523f6b8e08da8b3cd32c7d440b4d
SSDEEP

1536:Sijz+u5aloXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:Si+ubXyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
5108	msedge.exe
5108	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4208	5108	msedge.exe	82
PID 5108 wrote to memory of 4208	5108	msedge.exe	82
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 2120	5108	msedge.exe	83
PID 5108 wrote to memory of 3164	5108	msedge.exe	84
PID 5108 wrote to memory of 3164	5108	msedge.exe	84
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85
PID 5108 wrote to memory of 3668	5108	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\99006f38f1406e8d8fd4c558340d0e61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffa996346f8,0x7ffa99634708,0x7ffa99634718
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7453618148172907208,11614867041554191198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ba5da2ed7a1c58d2d5996ac44f5a923

SHA1
058282be847265e78ef617d18e264a7dedd83d8f

SHA256
27dccd83ed3113960d7c904368dbda80aa903ad17cc9f06c51965c1cc303a4ac

SHA512
754e6991dea4df76fd9f65626c3e3d7a14e8a0975d7b658a30c1887e246af5445b1f3cf216d6d20a2d80dbcb7e7d2230f2dbb667cfce627efa275a43a8b0f20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2228dbd6bc691df2995c845113cfece

SHA1
8e7ed62633c9226cfbab0cb98cfdc46d6099d774

SHA256
e59f6d005233c5ce1f89f894afd3c980ecf4d180f4c1b68e34c9247a80d9559a

SHA512
1ff0770b4788ca15e7d61acd5bfac5128bca0223d6404348440ce13952a5690cb44025ed4c6258b19048e1e492116acc59f97eec212884907ad7dd45fc55f5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c23e080b8125ab90bd427d0eb377732c

SHA1
3b21f9132666b0f76a96d1f8584743ea02bed4e2

SHA256
3c4936729ae669411abca8b123258b18d11dd1801bb32645c045405e5b4d400d

SHA512
c8ef59d7f5186d596dd60b48edb0bcb4a8cbab334622652e8ab606b519544503bdf1063c4d9a84e0a158cced0192938bd9fbaae32076819f2d83d3747748fbb9

Download Submit