870c658597dcab2f817f275122ba8e142240fe20a48b1bfe3788fd3143203ef3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a11e36b8985f52045b2801cf22860073_JaffaCakes118.html
Size

57KB
MD5

a11e36b8985f52045b2801cf22860073
SHA1

2cbe5e8a0d90291384e1e2608a98e78dc617b7d4
SHA256

870c658597dcab2f817f275122ba8e142240fe20a48b1bfe3788fd3143203ef3
SHA512

7ac60f307d14d3088a83982b3a5138bc37df146afeb3ccd4143e6fffec731369dfcf5e1db715cb3a84a43432eb73d9420876954d9a6b54bcad86bf207521e81d
SSDEEP

1536:5PU5TDbwmZ3vdBZollDazoiGkuu21MoaAZ4nmYbqvP1/a/:K55VvdBZollukiGTP1/a/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
1444	msedge.exe
1444	msedge.exe
712	identity_helper.exe
712	identity_helper.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2692	1444	msedge.exe	82
PID 1444 wrote to memory of 2692	1444	msedge.exe	82
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 4040	1444	msedge.exe	83
PID 1444 wrote to memory of 3356	1444	msedge.exe	84
PID 1444 wrote to memory of 3356	1444	msedge.exe	84
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85
PID 1444 wrote to memory of 904	1444	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11e36b8985f52045b2801cf22860073_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8319991949230842162,6823025963709937495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1c9eb4fe-42a1-41c7-9f96-af477dd15f34.tmp

Filesize
11KB

MD5
cf5952ee68101bbb9dae1ab18a97ffee

SHA1
0a52ae2d5a73ada65def2fd92595cc3f1cdc2166

SHA256
7d29befa468453f92d5259a19f121875878d99a6fc96c9cf756b12fca098104b

SHA512
2afbe76fb9dfde0ef89d69068a40d5ee2c62b2d055d5b2a39695dad502bd41d31bb81cb254224ff2de489d6de4b3ec2d118ea09c9e69985c937adc59a8ab2c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
177B

MD5
af208c6bb14127eea0541bed38bd0a06

SHA1
c5f4da6f0726b3f85cd81f2b4ec5aade4915baa9

SHA256
fdc65b15d14ebfe8c39ae462afbdd24f95e471d3d72c93e1bd71b64dc5c46c42

SHA512
d6fa99f77819d99a717d9a107004562136d4fe4cb5e3f045c317a87419e93be2b4f630f53165d3ea508cf18eed04a88fa527cb78bb82f71bd3740e1e032b7727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4dde5d23b1c4db411b19bf332c714d2

SHA1
4845e8a3a3215d045e91e878ca5feeafd02138b8

SHA256
1dc7d5ebc601fdaff15ac4944334f03f8b944f61f1007c396473c240822be447

SHA512
03a733f1d11300050f22ab0c787cd641be954e1ae9546829ae2d1cbeed214f0b17145f1fd5bd6f07b8d902d5f9e056bedba94d230fed18d66b1385295010f74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5bf38bd97b581dd272e22a08ca7c140

SHA1
4b8fbcb2f2cb88b68970668f9b43e970f27604b9

SHA256
7907e3ba0bf833a908d774e2940d6ea4913c39cbe41e3263f414f723d803a0a1

SHA512
d92be45c8cf58b81d3d1e2438e63061ccc24cd53255a863b13aea88b05d0057f84f0a12d97188cfb587c47809c17566827f8a9ed5d6b4a4c218ced048a58194f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit