a64deedc57a03af1a4f616defcab64ae85a11a58aeef4a60469adb2d956edbaf

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a48fefc6cc51cd619cf6d427bc1844e7_JaffaCakes118.html
Size

139KB
MD5

a48fefc6cc51cd619cf6d427bc1844e7
SHA1

be9b38f241f3e9add9623971645abf00436fe334
SHA256

a64deedc57a03af1a4f616defcab64ae85a11a58aeef4a60469adb2d956edbaf
SHA512

ba75850ca3e32a24547ef7ac2fac3f6165df4d7e1977cf3f2e0888f07819b7a512ae25844fe24b501696978a1d19b369b69bff2b827a66a15a11e43089490cf3
SSDEEP

1536:SMYvVhD7xT2slOyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SMYX81yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
3380	msedge.exe
3380	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 4760	3380	msedge.exe	81
PID 3380 wrote to memory of 4760	3380	msedge.exe	81
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 1940	3380	msedge.exe	82
PID 3380 wrote to memory of 4620	3380	msedge.exe	83
PID 3380 wrote to memory of 4620	3380	msedge.exe	83
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84
PID 3380 wrote to memory of 3532	3380	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48fefc6cc51cd619cf6d427bc1844e7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe473b46f8,0x7ffe473b4708,0x7ffe473b4718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15365426987498211984,10603525388303580931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8455dd44b355afef9a446791e66f86e

SHA1
8cc8d898d17226120389441322c83fc7a211dbc2

SHA256
dfbab357266790f144715f2d2254a205f528e02d1cfa7df3983f91ec9bffa0f9

SHA512
942b02b7d771bc0650a29ca279a2fe52a0430bb0fafe3f25645eb5a2f1f152ecf05b1d29e882ce6618eefa0c7cbe74c7ae92b70e6c1cbbb82f0aaaad6430f63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cd4abce76a5163c0141aa52130ea87f

SHA1
b3474acdfc70aa4bfccaa12bd79813b13d23ac7e

SHA256
6bdd1c45dd2e160b77493d68fb0e941bb6d942000cdb58913524d82ef77b1807

SHA512
9ac8c09848bd1508060a40274e4eda85f3b3f39d78ad807c76ab459742d02801f2fddfd0af6fbc0e3d4613cf8d1ff0999d342fdfb20ab1848be0342f2173cd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58ce24e79cef3cd653c3ee0d9e1c9873

SHA1
2af33886fd67d8fc8d4d54b8ff7b7e8a3d408ad5

SHA256
26fe28e907e1ff46df36d55a0d11a1186f0b7fa67747cd7af38eb6a015972053

SHA512
ca6096268cc85ed2a924922afb8ddc32435ea7d6f49b22b5cd2b7a0fdb04cfbdec650131f4895237ad60057486496e0abb49f4d4d23574f476edfcfaa10f52f1

Download Submit