d6e0a6a48ab93aa150bfffcb7a5b4f8f1af20bf54ef09f16da858a35a2529df4

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a87e53f7eee50d27e4877b65189b8cac_JaffaCakes118.html
Size

139KB
MD5

a87e53f7eee50d27e4877b65189b8cac
SHA1

be325967bba01c1231bfbae73e4604d779d4a193
SHA256

d6e0a6a48ab93aa150bfffcb7a5b4f8f1af20bf54ef09f16da858a35a2529df4
SHA512

915f062af139944bd00356510f566921f920a12f218fe1e8b4e4226abebfce07aeb1b6a24b17786ac290e5dc6f9381937d1800b7c1313bd402d6aaf0fcb372a7
SSDEEP

1536:SnbfdsnG/Zl3buyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SnGnMbuyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
548	msedge.exe
548	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
548	msedge.exe
548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 4484	548	msedge.exe	81
PID 548 wrote to memory of 4484	548	msedge.exe	81
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 2668	548	msedge.exe	82
PID 548 wrote to memory of 3224	548	msedge.exe	83
PID 548 wrote to memory of 3224	548	msedge.exe	83
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84
PID 548 wrote to memory of 1820	548	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a87e53f7eee50d27e4877b65189b8cac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff959b246f8,0x7ff959b24708,0x7ff959b24718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,11036927140886677754,3849378792229795821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06bd676eb3f1d80015b9f2f0aad7c833

SHA1
1bca75c4720f758ff2ba2b5fff51f80054c6885f

SHA256
2132e9448c114ace04ad0b314576d860591befc773dce50080df5786c450061f

SHA512
bd7039920002f8d6016387145efe865a9ed9bf21ba9b6b6438e7234ea7afac1aa6979bf158cfcdd422f4170a94159abd6888d9d7c1b08c14a7e9b502588cb9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f476f78e0485bea7afc043df12fd549

SHA1
f7f5b7c7d079e8c2c3ea44c3accaa643d2fb9b70

SHA256
81a4a96b54c0adf3cc3c5e1c11292ecac55faa908d1b6ebb5f31df9af666c888

SHA512
9d391f3cfed82fe01eb08c94ec2d689543a4f55da219f0342800a1a23c3f4ffb710b5f0a16e170e9420b1c20a6fe6b65cc3013c48763c77cceff0fa1e5a91647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07f506fddf2a99f665e91d00eddc7288

SHA1
019b477aaae037d4c6018e3730f85594a1209b92

SHA256
810709367dd83bfc8ee407b59bb24d643b25c444396a9e5dab983119cbee8d09

SHA512
9f0c3febeff9713a45d04c06b1b72e4331c017395cdaec3c9f285ba9de6f507f878aa51b9f3eced2218d48389091136d36a28f7900a46a976b231ae759cfcdab

Download Submit