a76cc349267094d504421353e7585f8d09475a8862f615fea083ac40c662e097

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a068b90041e4bf75fc10c8e37ebd7e06_JaffaCakes118.html
Size

112KB
MD5

a068b90041e4bf75fc10c8e37ebd7e06
SHA1

0c93e62dc5c40e7ccda937647865d867156e86d2
SHA256

a76cc349267094d504421353e7585f8d09475a8862f615fea083ac40c662e097
SHA512

e6e1c1c5b78817280a48514fc201b034ff296c2b316d49acc20784f41d91b59d88b237c44f354fd151068a2c4444b7a05ac8c53093e01352e6b74bf899c49ae5
SSDEEP

1536:ShJMEUUa8dWLd0DPyAJB4TIJ8XVAMx42+sUsbjgIRuTL1a5ipYjLo:ShJfdCa4TIJ8XVAMxb+4i6g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
2216	msedge.exe
2216	msedge.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 5056	2216	msedge.exe	80
PID 2216 wrote to memory of 5056	2216	msedge.exe	80
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 1440	2216	msedge.exe	82
PID 2216 wrote to memory of 652	2216	msedge.exe	83
PID 2216 wrote to memory of 652	2216	msedge.exe	83
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84
PID 2216 wrote to memory of 4616	2216	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a068b90041e4bf75fc10c8e37ebd7e06_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd510a46f8,0x7ffd510a4708,0x7ffd510a4718
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10554824842536806115,169555334962479829,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
608B

MD5
001c2505f826e9d833f47081bdb0548f

SHA1
a9af63d6ff8a9822e4acada5393f39b10f2d91e2

SHA256
283b44d5f88bb6ec4245a435acc641b90b614391009db1bfcb4acb369768b066

SHA512
921f8a2fbebe64c4efc278502e5cc0ff71c3258cf1378c48760366cb88bc12077cd20b0c349c51dc1b679b1497715af40b446b679fcc4036fea9734e9cba9406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cf944649089c440731de885ec642e71

SHA1
6f2d789a4948d8cca4573164e84ee50f37c3b34b

SHA256
26239b183a6ba9cb63794268ea59a19abc0d0c688424b86a2ac24ece62bd03a3

SHA512
022f8120cc53c3261c3b76d538878143d1f58a97ec27c2a1d0c121571df00aca8e9c2426440ded1f73080b172e62f2a032c57de41114218006953f2211f9bfab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e21a55ef57589d223b7837412170435e

SHA1
4ae74fb3ea0e19b1551628d3efa52be373573897

SHA256
d04a4067e9b75b21de490cc21c7253721fe3089f9fbb2468211466ab86def7ec

SHA512
40c4c6ba02d71e8e8b702f73e666a179195c9e1956eba839f458a08cf351487feaf30a528f194e0a750b8f71f3750a1b627828e05241f63715cda1a3198cff4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4d95e234ede71f28d54d9c62b75929d

SHA1
65fd0fde9ece1ec2afe68a8cfe1f62698346c1e6

SHA256
48a1fdfd700b2bb4b0c10614127ad14f64659dae613cf08586a3bd80d4e917f7

SHA512
7728157db18cc6981e5017a60c454a460473af08040fc4e1914d619187a754f0b25c9c28e87b15247a5e107b2f4cf9774612c267423301f1ce6f70a894e24e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30ac92801971e83fd3c485e9acb9d6a2

SHA1
4e1822049853b3855c6d78dac6178910047851d8

SHA256
7fe2e47f6bd8840b0994c7b811a94e0e32f530aab298bdb342f6ce80c90aba6b

SHA512
e767526737c1581a39850c30ef7026953e0fec62f454c286f76e60ccf85dec6e3dcd09752a85f2eb330d38abe334535edd94878c077f7e4a2306af4c483c9a2c

Download Submit