af512b4adb22c14b611102b12de2cead5419d9f624c93ca9d30d2df066afe0b9

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b07aa936703ab85edb6149146450ba7c_JaffaCakes118.html
Size

52KB
MD5

b07aa936703ab85edb6149146450ba7c
SHA1

51afddbed2f0af7b8d7facfb4f9b53ceb67ecfc8
SHA256

af512b4adb22c14b611102b12de2cead5419d9f624c93ca9d30d2df066afe0b9
SHA512

241a6d9af497f18a563a541540e97b8272144eae21e3ac9cd1526975824cb1890f374883ddd7a5adcc8bb3673b8efb947fa8277d78ffb1baa342532f4c581d6c
SSDEEP

1536:oQQhOBMpIIBMl6JMuvqHHqxm9oGfiStZQ2Fs:yU6JM5H1iZ2a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
4248	msedge.exe
4248	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe
672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4484	4248	msedge.exe	82
PID 4248 wrote to memory of 4484	4248	msedge.exe	82
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 444	4248	msedge.exe	84
PID 4248 wrote to memory of 4084	4248	msedge.exe	85
PID 4248 wrote to memory of 4084	4248	msedge.exe	85
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86
PID 4248 wrote to memory of 4548	4248	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b07aa936703ab85edb6149146450ba7c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe42346f8,0x7ffbe4234708,0x7ffbe4234718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12023702254093667161,10065096189838156102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5412bf1ac3f10a905519004b4e7f4aa7

SHA1
e2b8506169486f7a77e8a4a132a532f3846f88be

SHA256
9451d41010edf98f72dc5b60114ce680294d0406c11ff0eefa1b893c85130253

SHA512
7fe152c5e6ec2eac163b42694749ccfc21c448d2ef45b1d49918104d8fdc8ab925303c21e5b31059b190fef03719ad06b5395466bf07458a9fdc4634c6d66fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bf706d3932d55df252f5e0be9ae8424

SHA1
2abcc87c4e544bc9f12249675240c3f1134af9cd

SHA256
020ad8be30e8102ad4531ccc3c5bb63374a4adb15759186e94f42529a21c935a

SHA512
ca833c366f160c3a2314adc1c222ded3b7488278c32e0428999815de4a1ea7e44eb4d6d2350b0b5ab4908c5bf45d08f9e66637a25f428fd963c53159c94182c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f74c05e672c26762e031be19f3ea39cd

SHA1
3f886444a69383f62121eebdf7f530b64c96b062

SHA256
96f36e1b05ae123dda090ac0ac27f713cedd44e47d8a07b3dc1d98711e69ec98

SHA512
cc82f12c792c8dbc31217059d9d4385d192627c15a5575c8c9d97e1693be0d4e104c860f994e3008cfc2194cf34a11057d2175ba6ccafc5ae37c3fb9ada04b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8af54a4a34317a32012b1669b3590736

SHA1
d05f99142a058a3b7ee4ed73790ca474afe1196a

SHA256
e3e3bf561a3fc6c5de1f5927f54b2e141128c4d79cd5f15da63479bb468e053f

SHA512
e456aace759ff872a542952ad8f0ce0faef1af3809971f75c9def31dd9fb4073c8dacc914c6498b7c3af17c4242adc52eb0e4fd0a8be956140dfbada7bd9fd23

Download Submit