603799030c01a928cf02093acce3ce3cbbad57028eeb4ca794b9498472250bd5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b90bf92550835d25cfe08d55caca393_JaffaCakes118.html
Size

31KB
MD5

9b90bf92550835d25cfe08d55caca393
SHA1

88022a6e6c2b6e3dfc17d254c424770d6a536c5c
SHA256

603799030c01a928cf02093acce3ce3cbbad57028eeb4ca794b9498472250bd5
SHA512

53321d754fc5921d8f5a73a450044bdc6e50afe01e30b603ddc945e2c77aeb9373ceaf900546838eefb743ad2e577fd18403bbd76dbdff277348923b4f9efd05
SSDEEP

384:SIfVtqZJ69n9OADdXiAbUCLYq8n1a8Mk1iM9M/dRBG9OPk:SGtqZJ69n9OqXiMRLSMqlM/dmOPk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
2196	msedge.exe
2196	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 1592	2196	msedge.exe	80
PID 2196 wrote to memory of 1592	2196	msedge.exe	80
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 3316	2196	msedge.exe	81
PID 2196 wrote to memory of 5016	2196	msedge.exe	82
PID 2196 wrote to memory of 5016	2196	msedge.exe	82
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83
PID 2196 wrote to memory of 4892	2196	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b90bf92550835d25cfe08d55caca393_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92e046f8,0x7ffd92e04708,0x7ffd92e04718
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13668590398768128022,9085600159845077581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c163ea35fb00c0523ace8c197044c144

SHA1
883788f0dcd0d517dca1a213c6a00ec32911a5b6

SHA256
f43526810fe7bd739980e772ec27dc1f72c3bae215bb827452fd787cc6865f64

SHA512
c30ba15141e5f33cf41eda361be6c3e868ddc59f11b746fa3cfc5705f2789491c574b9657fdafedce2fa887ad8d84b7c51988adeeecb15fc76c0e7f79728345b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df645e6e74d33ef57e8d173b687a0b32

SHA1
766b515edf29babb2039213efdc28152e3009686

SHA256
72a52762933016675ed721857857d07bf8c2405781b3ea45a2cb3368e3c2443d

SHA512
2dbae79fe716e914edf7e646ce552500827ae834d61faa929655e984ca22f0adc9b552ba07090fcbfeab6a5910c3e90914ad6bc9a6cc6c8899f90409240ea96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77bcdec1cf04234d5a92abaa38f81f5e

SHA1
6bda05f9db8ca9b23edabf39e46fa67d38140bbb

SHA256
0df4d10d6b1bea130b33d71549f0e90c5edc4122578c127d0611a16af307b33b

SHA512
19d18ea61a4e017ad5e87bf0f6049f49fa16e88855d982a21925409e2236c99943d92548507a479620e50ff99a7ddfaedc5298c91fcb350763c45de2a1e4325c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e1b01209ae11ced9b1429fe8fe05a09

SHA1
cccca56a6b5e12eb8e0b6b792ddeabe5a02ab5a5

SHA256
a4835b7bcb490ee1ea4ddb053676f914053124e67fb80ee68ed36e39bf2acb61

SHA512
39cb8addcd14e8df827e992f44b377e5c7f456c79e12656b076e014b0f7e503ac49d8797b13ebd67b4e32b6e3c2571dcc00d75214964188fbd041612ddecb3ab

Download Submit