34ffe627108319a4da80461204849b2bd142b0c66a11a841500b428a42800015

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a68c53e7ed9b7096e8601befb76f8503_JaffaCakes118.html
Size

24KB
MD5

a68c53e7ed9b7096e8601befb76f8503
SHA1

902657a61bf2b700ebbca7792784889e2aeb53e4
SHA256

34ffe627108319a4da80461204849b2bd142b0c66a11a841500b428a42800015
SHA512

d7749fdf1eae3390efe978470757f9132c7dd1e00bafab3fa1cbe389db8eeee1c862a30a594b90254d7d644cfc2968d0f0d259b1eb6fff1e1398e95dc4668ece
SSDEEP

192:WLZLwKQJUOkyWBRUOez5UdQ/uQe/4UigVkBlrPB+p+IuPi6bW1ThC5WafW8Ohp+4:fgRUlU2/IX7VuE1TR5ZfpTF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
1736	msedge.exe
1736	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 4480	1736	msedge.exe	81
PID 1736 wrote to memory of 4480	1736	msedge.exe	81
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 2840	1736	msedge.exe	82
PID 1736 wrote to memory of 388	1736	msedge.exe	83
PID 1736 wrote to memory of 388	1736	msedge.exe	83
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84
PID 1736 wrote to memory of 3532	1736	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a68c53e7ed9b7096e8601befb76f8503_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffe473b46f8,0x7ffe473b4708,0x7ffe473b4718
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,9116565511744105968,3599493220334489606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c0bbf5a76230057e4d88a10e90cf7e5

SHA1
1e5417561f7258c27b4518b6cde591e7e6cfdc25

SHA256
1940a19b63035b5cf46883575eeb6d88034e9b56dfd827c4b72d4f89ab19beb5

SHA512
6662c66951eff27c5d071db1fd372e3581f8bc1a258ad0778dc1a54df4e00ef5f1b6c565288dad196131df14bbcf9991f258f4eed23c010e4d2c69eb93b3900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
769e1105ecf88cfcda111c1eb67aaf6e

SHA1
a5e548a26221ae7d9e444c38396bcbceec09917e

SHA256
79b02ee89ee91b2662134dff1aa925477abf1b52f94eed353b398822f284bc3e

SHA512
5c75d0d9db47f05135874c8fa571c01764b2f07322a4b3d1eea9f75e58b60fbc71e44e8fa7b7de0ce43815aa5602ffae979d60e281fac4f589c3c21891943a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f47b008c7029361f66a26786c6c95bf4

SHA1
9459a75b62964fd1d96c4f85f67b9fc3253d8b3d

SHA256
0cdef0a2784ef937c5b5094b1e62a35cb3cd8c22b0865fd19907210bab4459ed

SHA512
081fc045ee0d974d4f56b800f773c90f26fdb53a77fb855a7a60c3f8333ebaca989bfd52966582659c0aa7c187983230e6abfb29159a87ce3b465fe0a0398e81

Download Submit