a3908f88d2e742d540189081fbab224594fe389f633680d920bfdb6ead906792

Analysis

max time kernel
145s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 03:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a7e20f5077dccf2de7815f3c846c48dc_JaffaCakes118.html
Size

38KB
MD5

a7e20f5077dccf2de7815f3c846c48dc
SHA1

d0ec53c4bf6560fd2bf68102ae8ee092a8579e8c
SHA256

a3908f88d2e742d540189081fbab224594fe389f633680d920bfdb6ead906792
SHA512

7dfa9998a82b26bb0c7bc0f11556630d5980e78839bd6747414c62ad00e22aec7dc85b4620296ce0b7af8f53a4eee1d3c543b735760c08331aead8732d422f77
SSDEEP

768:Y49IN632SBca+Khy90rwhjfqozTAmRsUKz4v7COhhimIdFOTXPz:19063N80rwhjfqmzz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
4728	msedge.exe
4728	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 32	4728	msedge.exe	82
PID 4728 wrote to memory of 32	4728	msedge.exe	82
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 4100	4728	msedge.exe	83
PID 4728 wrote to memory of 2752	4728	msedge.exe	84
PID 4728 wrote to memory of 2752	4728	msedge.exe	84
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85
PID 4728 wrote to memory of 1820	4728	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7e20f5077dccf2de7815f3c846c48dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7632558540976602799,12212876051296826743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba5ef24b9fa606c735564ee0b6159f45

SHA1
6e409b5447621a895ac4f75e19acbe6744a43e44

SHA256
16f25848f27591a039cc88b243abd0732ea4b14ad894d15a29f0f2df94db241f

SHA512
514685c24abbf2089413fbd206589fc9ddcd5e9ab3d687d82f2f070382b8c13795124631e50e620026aad3a3860ab155ba2873eeed52a4d56218d5f5ad9be633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
418ccf92938dd4c65b3a2a9b3868389d

SHA1
fc8e59f8cc8f2f1b7f333baf8ae138aaa1379cbd

SHA256
820eb7f2af0ff0355597c776f43b06d391bd1e31162eef7f5c49d08d87cc5db5

SHA512
496cbcd0c487ab699fe60d5f1474c6d9716959b1803784fdb00dcefd72e82b15b9b11faa750513516a1c29190b85eda54ae840710ec73b73b09df40fe1accd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
eb8cf636819cffea6f54a5edcbf4f4ba

SHA1
5565a90ef389e83ea763c2b81204188a80650191

SHA256
2c541b921a682d63ad818e50ac97ac1aa44ce5d08553e0a6720a0d2ceabec863

SHA512
ca45f3f2e938a06d9b24072d61e84970c637c0e02a57ccc5d232c36afce749d13b537eedc37f8d5af275d928398e1f3093e5a2a82e2e209672918ff1a02a5a12

Download Submit