3328e22997cb3d2e4977a475bdc4074abc450c29d31a93b108919b166e453303

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a57f590486bab207f3545f563379a045_JaffaCakes118.html
Size

4KB
MD5

a57f590486bab207f3545f563379a045
SHA1

f1f6ab1f16c9b5be8db03a33daf1e69f59fe7095
SHA256

3328e22997cb3d2e4977a475bdc4074abc450c29d31a93b108919b166e453303
SHA512

9f261a8eab83f8292c0db7cf44fdbc727d43957bd1ae247a2074a613b61ebeea374470fa26984c327295b3e35b07bc4829aabd28f0e2b781803e625d27d909ec
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oFHUxd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
432	identity_helper.exe
432	identity_helper.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 3808	4164	msedge.exe	81
PID 4164 wrote to memory of 3808	4164	msedge.exe	81
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 2308	4164	msedge.exe	82
PID 4164 wrote to memory of 1296	4164	msedge.exe	83
PID 4164 wrote to memory of 1296	4164	msedge.exe	83
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84
PID 4164 wrote to memory of 552	4164	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a57f590486bab207f3545f563379a045_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16282475513186413742,17944364688203750741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
6d0b54e05ac419b75006a180fc98c9b2

SHA1
75f3e8fc5ccf481be27965e43e34468d6b6df5f1

SHA256
f7fbf7119475c749b8363c58a4d78a284fed6b16872ad98a85858fc846367571

SHA512
42abea010afaaddc545034e9af298c11fb8aa92db82271a7d026f2c35a67cfeb75ee25a07b8eadfb99b81bae1bec66f13213be018cb7f1d33945d2d3ce1cab29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edd1362e34ebb50113aa22fcf3519fd2

SHA1
db5b9d155dba0f02df120ace2ea67c8fed79216f

SHA256
6f626363bf46de5b9f1b7402d46a0bd955ebab8e79a167cdab9a25625ec7a5db

SHA512
8bd525279838ab2869a41d2867bb2d036df9e4d2a7a1e016041a31414fedb26a2059a1549e173df6866675ee8915b6831e11e0db60dfde0b749717ae41348be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b507e0e887c6d00f31f0a424c1d64d60

SHA1
eaa71ba0357b4c4ce4f6c9975c2c64323f5d7e3d

SHA256
ac490268cadbeca702c17cf7d267e4b907f3e3976000a5de018d9e938dda6414

SHA512
fbc69c7f5ccc601e21e42a3ad62d6e2556861e68e1136297141ccb078bf5f4baad947df8d9807094b6022a10484421d635b12191c65b6ed078314e30d2396609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9619d0d8e1f0eeb6fb112ccec380bbbc

SHA1
6dfe4ed99f34c87ff88c87cd9d49e55fbca534b8

SHA256
561d304ec6d843de29e28806f64e2c3fd47d7047bfd7a0477df7bb3e63d2a377

SHA512
8de644efc4595d0d56f4bad4e5942375f77ce889cbd25a4de1cd6b58d0ad1b85587435031ad4a3efa99948622023068edb47dad82503ed44170ced66e838896f

Download Submit