999ac0c765a59b37343624a8eedf16bed059a136c61584c9839590237519d5d8

Analysis

max time kernel
145s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a354a995927ff316d1d843e6fcd9d5a6_JaffaCakes118.html
Size

29KB
MD5

a354a995927ff316d1d843e6fcd9d5a6
SHA1

da290a847698b6e3bf631c1ddf00156f09cf20a6
SHA256

999ac0c765a59b37343624a8eedf16bed059a136c61584c9839590237519d5d8
SHA512

7303d861b369f2536b0be90f6815e614953d8fd11d309d92653cdf8db48cd136d95c587d6a6bd6f8b2c8656fe276203e505cff9ac77b207044949da74469b3e0
SSDEEP

384:4ykWaw/TJnBBEgeL2oz+4i+4o+m+++Z+1+H+b+p+c+6FAc0FwzH5VLqIpTMVU+wD:4M+o61BeAI00FWCLk8qsykd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
5076	msedge.exe
5076	msedge.exe
536	identity_helper.exe
536	identity_helper.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4048	5076	msedge.exe	83
PID 5076 wrote to memory of 4048	5076	msedge.exe	83
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1540	5076	msedge.exe	84
PID 5076 wrote to memory of 1572	5076	msedge.exe	85
PID 5076 wrote to memory of 1572	5076	msedge.exe	85
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86
PID 5076 wrote to memory of 2104	5076	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354a995927ff316d1d843e6fcd9d5a6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c90ef647302bc78df968885d5575779

SHA1
b4bdb8c0567cec45861c6f66c38cf76fd3c24b35

SHA256
454eaef2b74f7265ca827cbbc4e581455fa9eb9b89adbd963ce51cac96eca9e9

SHA512
b3ccdcc14d5da066432160717d042607971875f9cefdc89b2d20547151eca35ca5a4af4330b3f315e5c52d939d694484d83d3fefb0bc3fe559a5cf1be19188c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59f2a394bc8cf5d0d3cf6eb8b0d75baa

SHA1
f8daaa581aa51ca68f7aa16779b6a2f99b3c7515

SHA256
9ef6b1a4c3a90c466d8d121fa9fe608a9c41db63a9597ec3b7bd7b6164de1298

SHA512
2a8a95b09a1c36dd7f6b64db6760c998c2d9e537b8d484eeb1a4df7631369f89a385c435fa9ae6702f7e5291d2aad7c0cfaa3078c735242e9eb6dd2325f6bb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
509fff85f3e6b23373d083deaf220398

SHA1
7d21cbd00e47628d34b8cea7b35d541bd2ef8d4b

SHA256
e326c0de77d1617f4b20831c06c04dd43568035c4d8bc1a8a5490adeb90bf0d7

SHA512
940f4b1facf78813f12d36a11bf5024462784837cde69363a62600c9c25ec9c72a674d25d35ead85f94327f47b1aa4992924aed399f3e50f0f4364c7f0c6eed1

Download Submit