09d2f345b115bfa0d55b52e106c39923e79fe05e04384a49e41d367f7068c52d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5fde9807adaa9aa4c108439f532b0a2_JaffaCakes118.html
Size

50KB
MD5

a5fde9807adaa9aa4c108439f532b0a2
SHA1

257d6cb74950bee0ff191089d8f18464aa4a9e79
SHA256

09d2f345b115bfa0d55b52e106c39923e79fe05e04384a49e41d367f7068c52d
SHA512

a89bc698ac7b4ea5a39595111468743ead3217deaa53a9fafdbc0bfdd2ab18706421508bd6f0d04c14bcc83f1dd79f36c329270cb9a1b35ad9c8634046b43740
SSDEEP

768:GhEKb1LETi7W7XzrZtPkmkM5eec1LE/8ohPMEmZbOZIt:GDZLEO7aXjkmkM5eeKLE/8oNMEmBI6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
2228	msedge.exe
2228	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 4708	2228	msedge.exe	82
PID 2228 wrote to memory of 4708	2228	msedge.exe	82
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 4940	2228	msedge.exe	84
PID 2228 wrote to memory of 1816	2228	msedge.exe	85
PID 2228 wrote to memory of 1816	2228	msedge.exe	85
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86
PID 2228 wrote to memory of 1612	2228	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5fde9807adaa9aa4c108439f532b0a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2c5446f8,0x7ffe2c544708,0x7ffe2c544718
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9023138429535112278,15004594908948100659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
3d4a9764d19b61b0694820519487d772

SHA1
9176064da48c2d5aff4c7fb892c4f15eef409102

SHA256
58b9962d70c23bb38b8f849df7315de0ab684adc29d41623605b49ada2215f41

SHA512
f4153cd95016a1538ae1e6ef259c2b0be0bf296626578a9bbcba862e354df2ea7660724d32c89229bd0b8efc26f4e29b43680d262eb620bb6358922d924c1abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e662b7c4b6ecdd4f214e31d26a67a4f2

SHA1
75be818c5d37f6ebbccbfdc227e92e3ef8763636

SHA256
c939265e14b7077ad113dcb135f3eebf685b03b11a8541251cd047eb2b806d7b

SHA512
3efbab520af209fff84b7c9f714dc70aec7d5cdf21cabd00ed2227a1cd212b04be5f35a57e6c1bebd8283e8dd82a06c337325a8b1dbb231fa0ea6de9fc116895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2736708b2324fffb28f2139ae21b133f

SHA1
65e9f15444a8680ab7ced5a7d65e9c7e076ce87b

SHA256
3ad611057f11f1841e3bc9ea33da27e5c17ae17879317dc9bacb3cba8b845287

SHA512
4f218cdd1d1eb896a731943a67a42079c9d3db3ec67d954420a24ac09e46cabf49789098d7a35088336e5d321d9ecd9c8b73ab9775edc34bec2614f9140a6d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f47f3fd3cecaf500c0b140ce79a6983

SHA1
e15f4da37e043d069d5c2157640db5580d65321f

SHA256
cac6fa1bd577f1aea1675a65e36141c3936c163e820da576b43f75d68b9a6eed

SHA512
a442765deab3dc94b3e76c2161f3d9fb16cde02cb2e734d198e4930287bee40e4745a918c90165d3658600e258ffb539158f08da60b884b87db0efef5ae7b432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6e9d464ba6036baad7ed785f663a604

SHA1
85a6cc860e739cbfa365311809cb535ba50dd957

SHA256
6985ce9ead45a6b09611762c4061b799219c2b6f964fd7ef046a6238a5ad2f4d

SHA512
54d75ee349f2f6cecc0d0e117fcda03d95f31e3a437f7d1469b7131f507b6e9a88c74e6bc3f4d47f3163fdd947637a4b95ea54fa19feb018c68c9219e5ce83dd

Download Submit