10fdf60104a5ed124f68566305272b75814235d803e586010d033cdad38d3bd8

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae37e9e43d8293baf9b6aed923ce66d7_JaffaCakes118.html
Size

206KB
MD5

ae37e9e43d8293baf9b6aed923ce66d7
SHA1

f7eee18ce4a3ac56d84c4cebe78f33e7ea44b863
SHA256

10fdf60104a5ed124f68566305272b75814235d803e586010d033cdad38d3bd8
SHA512

b2a04b0c75a1a7c2640180213460344afed57525b6c4e3214a8762560037d7dbb1507b9af3f6b265d56ebffe91a1c851f83ce0796a101e38d0e4cd73b19da377
SSDEEP

6144:r530DH6NEQwjcHXxQRVufJc/09s4kyR5c:ruDHQmjcxQRVufJc/Mc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
4164	msedge.exe
4164	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 3808	4164	msedge.exe	81
PID 4164 wrote to memory of 3808	4164	msedge.exe	81
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 4052	4164	msedge.exe	82
PID 4164 wrote to memory of 1228	4164	msedge.exe	83
PID 4164 wrote to memory of 1228	4164	msedge.exe	83
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84
PID 4164 wrote to memory of 832	4164	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ae37e9e43d8293baf9b6aed923ce66d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34646f8,0x7ffef3464708,0x7ffef3464718
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,696328500932037121,8260756286587143956,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
30f193480032db450af81c9b1d0f6683

SHA1
465f45202fe390fe068bec9726fab2f583b2c933

SHA256
14c5dfd0921bc7be70a3aafe9976b4788c22f8845ee1e2e7ef6752f06e45f3dc

SHA512
343ce7a98459a337944d555630c332f60dadeee6672d71350de0ac80e140426b0c74c9af1d82715f26162ee747d8dd9f0b2e60e541c6c65236116653cb380405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1858a1d41414a21535cb0e92295f00c3

SHA1
f739c5a1806cf06cd56a8594b7296da39f8e6701

SHA256
b2613c367c7b0b438031fc161b481decfd05c38650d946008c3ed3d49e1b8e60

SHA512
078e78479047c09ca2062817f6fc201572adb86bbc82bf5956c4ed2d4f9b049bc0f58c8a55f029a6255a60ff1b14aa3ec6e6352c3ae08dd67a0ac39a7832b3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
530e6776378f5181a21fdbd8e41e3d5f

SHA1
6720427ca4331c51f5e7aabf09c7334a300b3b0e

SHA256
42b28e0fe5000df1cad37493b987084d25cf071ef4bae8f226b8a131115a5c6d

SHA512
1677c0732f9afeb4a9d5e2a0a8bc0b4e35c5130ff98b1abdd607fb4c1d63f25a85e4ffd6d2fb65a07c7309e765fd564eef493cab9a4c89dea2757da93a238d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e0789b560d61452c85a703807c59e2d

SHA1
da357c1c3513f44d243f9097f0f8996a8a3ac796

SHA256
1c71fb0cc1366d96d5a39bb2fd11242adfacd4a6a2d1af8f4a89a1f3c674594b

SHA512
4d6f9db6c090c93d96a57f75562c5778bed5b5f261242cbc9647f6b00cf77151ea3866094b7656b994e44f3ba87c7cea655d836dd32c935876f0fecd6dac6a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89fd4ac8464c21c3a20ff6c6f9bb91a5

SHA1
f6404b77effceaaef6fd3b0925307b53ceef8509

SHA256
9d84c302dd1e78d565fa9c10d3316ab54c9195e5fc1914abaeefa14c8760d8b6

SHA512
4e2117ab9d99878922eaba4e64f5849e1c64e0bb0f6ad7c20ca6d02a67207a3356dbd27a19686692c26fef6705fd2401502837dedf5b55440e6e2509ef358443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a662.TMP

Filesize
707B

MD5
2e11b612c38f773fd691928bd2f888d0

SHA1
81b6aee28e876a12f5a616b4e393329eb705351f

SHA256
14368784c466945d25ab43e715da438c1c52d6ed57612b9734aa9cff0360d096

SHA512
43009b1d6540c917a70973410cc6f7f33fa87d0c03f219af35ec67b4b0558706cb96bdb1156b0cca8502f3952432c1ed84954d516aefb677483dca848265a49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
136c72f0cc33b57d7e7bd18812375e5c

SHA1
8f0f8da35810eff3eda67cf6e6d304fff050a7fa

SHA256
4c977e0c6a9b1c67c37c10a85dd5ec4f7397ee83be16dac7edfa919402de159a

SHA512
e29a8be5af2d47661d31c1dc972283cb754f7d5517c9d4aa360d025a8fec2dee7a33a283618aac26fb9de922eab14a5f866caa0d43ffb244ead9d9260af5e7b3

Download Submit