0038e78153c7df5ea2453772dd02b08fe5310fff5e60cb3e09040e872694e373

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e233d9d98bbe0827fccac639c9d4307_JaffaCakes118.html
Size

139KB
MD5

9e233d9d98bbe0827fccac639c9d4307
SHA1

b7aa6a3e79ca3f72093b0176a25dcd7402545424
SHA256

0038e78153c7df5ea2453772dd02b08fe5310fff5e60cb3e09040e872694e373
SHA512

180cc994f40123d6f07e5e82bb3fa2716041ff2d521534ae8605192e3566efd65ab5000b151ccf193161f2f267dcdb2fcd4641e5db8d412244ddd23945b75ef9
SSDEEP

1536:SgJZQSln0yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:Sg/0yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
3988	msedge.exe
3988	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4996	3988	msedge.exe	81
PID 3988 wrote to memory of 4996	3988	msedge.exe	81
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 8	3988	msedge.exe	82
PID 3988 wrote to memory of 2372	3988	msedge.exe	83
PID 3988 wrote to memory of 2372	3988	msedge.exe	83
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84
PID 3988 wrote to memory of 1432	3988	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9e233d9d98bbe0827fccac639c9d4307_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,521880517259793005,9650795758597190109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
002bd1c851037848511f301f529220c3

SHA1
1ed46b690541e4ef27cb9234f16ec9199a61cc37

SHA256
cc453e994e8c4324e98c37e178920e109d6dd31119e6492b8ac88243da670276

SHA512
bb1fe7a37471048819ac260f2f2c70888c7444c70ace1a6373284a73e18a6831ef2dfacbef3ad306900e6689d6c7c562a7c45610ba3b8b0f2929ced9385f46f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be33c51cd0eb091e5deef930d5d6f60d

SHA1
007df022b70c42152778114ee44694f5cfba6b9d

SHA256
6d3256fafa996d671c2cd514ed67c6f4c1e58297f55c8ed55cf200cc16292199

SHA512
d06e04301fbb227cec95bf162cd9e052d89cdae2df4e6d41f8ea84ec9fc3497301c2b99c899d3ac09d823c80627c9148a744a0ded830105e4359fe25caa34111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f53e51ace96b7059eb67ee2b25269950

SHA1
febe05a4f822f5f9f26958fe9b3443c6ca0be22b

SHA256
0eb4c7df5c0f15de72fdd7dc6d63a8e9f7ccb17e015cc95dab830411b92a7676

SHA512
7b9292d7c0fd5689774f582572841443eb579677a73607c4485090ecd1f43baef65b4361ec8f0f5bddc8c125444019ad0f4713e45acdd1132fa0317e713bf8f2

Download Submit