452e75876ee405f41b36cd818db3b9f8f8919db8252e2586108301a23b9ca50e

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a97ba009133bf4bc6d336882b885bc73_JaffaCakes118.html
Size

207KB
MD5

a97ba009133bf4bc6d336882b885bc73
SHA1

981a61c152495c77cfe4063a71e0a40a64f006bb
SHA256

452e75876ee405f41b36cd818db3b9f8f8919db8252e2586108301a23b9ca50e
SHA512

a727456a20d674d35536b11db43c85e5d18b9fc9ff924df670f432473e31db7548b404724167a886612f2f7cdaea2b0b864b14b9cf27274f91343c589c280442
SSDEEP

6144:v530DH6NEQwjcHXxQRVufJc/09a1kI85F:vuDHQmjcxQRVufJc/wF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3296	msedge.exe
3296	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2252	3296	msedge.exe	87
PID 3296 wrote to memory of 2252	3296	msedge.exe	87
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 4832	3296	msedge.exe	88
PID 3296 wrote to memory of 3088	3296	msedge.exe	89
PID 3296 wrote to memory of 3088	3296	msedge.exe	89
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90
PID 3296 wrote to memory of 3512	3296	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a97ba009133bf4bc6d336882b885bc73_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb621646f8,0x7ffb62164708,0x7ffb62164718
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16321663995448630124,8772200302573780136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37991f297671aca0dd3532d197e2460c

SHA1
4c28bc3f82d26deb4749ef27f875011a267af549

SHA256
f6611b15429638bb58aacd5b349a542abeff8e0f6273d45e8629b970848fc53e

SHA512
873beaff55a5af3d478a94eb2e5bac26124c94518a07a55d6d1580eca46a48860847a866e74253a49595450d8c1f5b340d3e0246856b3a9a80613da49051dc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f070dd39799e7f2d334d4c32c4f496b

SHA1
e39b7bc729af12cdcbbe2582aee35835b7bddc84

SHA256
72acd0902a83528c02ed7d06600d65012bd87d50f802a91ff90eedebb0c4cbda

SHA512
290e2254d28af7e57ae1f77194f2e3f506feb0be7c646ddd1e5f6ae80d16018c11a64b4659b4116c9fb7c858cf5de96a5691fce87509179d5e9841f92c85a3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6042957dc3da7d58e05c48f02d76c62

SHA1
95cf3f17cb4f2396dc51bdb443c78359109977a9

SHA256
9facf6506d3665a2e4d6bdcecdaf3a52f461444037ce41b3ad6ee8a8d7f21cce

SHA512
5782139807ba10aeda0440dfb9f2ae325d9d8299ec6c3431e97dab2bac7e85aa749d4d16290b5897850150e275139d8c6dbdcb8fb809f560f3c83f348b640814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cea7834db0fbdc1bdf7699100ef1bf44

SHA1
8c0c563bd1cc7e91c19864b8072edab60cc1091f

SHA256
254616861b7686d61e64ff652360fe79e8db4ce34270e71364f91de0fe6b4032

SHA512
255addbcf5691ad8f9298710fb229feb5215013c578264c31c1642c740b8d93d705a129e0dd46cc0604b8654349efbccd6a95049ae82a924cbee0a3c3ebf8a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0600c585baf540139c2e081d75de91a

SHA1
9b519fbb5c428cc3d7b7524c587288db29c50d16

SHA256
972c4035184a859461d14e71d848acaffbf8fe5a0939baaa057f8d003ddeb45b

SHA512
985013bec2c32bfbb7cd8fd9f8126cedd41b88ed18b960fd26c4389cf1d564d891e663a708b67dd6ddba9f819ae0968620c72fa0473a7ff741ad76528b2bd250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586107.TMP

Filesize
707B

MD5
d365a4b843be45026f6471e807848dd7

SHA1
eff7afafb59d649992352e1d870749d9ac9a61d2

SHA256
c2df98a8e065c6a875a8c930a97dc8015cce915f387cc25f1120585d9c33441e

SHA512
c2aa85f6b7dd27be7588cd815e5eac11dc31015a3e8445e967614b6093e8da35cffaf4c5c69936e1930d8bb7c0c9b113c66d24ba18e1d1751bb7d5d4b9107f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1446d8dc987e58152cf418ac0a5b9ee2

SHA1
39cdae27e6662675e373e4bc399bdcaa0ea85628

SHA256
690d3f81e4b7219127d9555e5a07c1a6eacdaec11259bffd72a5b052e1c7371b

SHA512
7f14a0e0f3b25b41f22b226d6954b5e7a15e80c39733f573584201923427154a16f02646341ddab17c65c3057c4f4dea64fe657ce0b0f7611dbf77ada1d8cff9

Download Submit