a544b9b0973d48ff2d2fff2bdfd7eb8d26e13d2ad7ef0c004a77ccfa9245e2a8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae68c56dd9095a465f6c0d490beec220_JaffaCakes118.html
Size

18KB
MD5

ae68c56dd9095a465f6c0d490beec220
SHA1

c6f34a6eb1daaa82ce3861f0807baf77d8bc2602
SHA256

a544b9b0973d48ff2d2fff2bdfd7eb8d26e13d2ad7ef0c004a77ccfa9245e2a8
SHA512

cf1271c924008887b4d1b6b533ea0c0b13caa421b2054cba358f2f99324d0f55da4038ece6bcb908ce811982d66dabfea5493ced20a3043b0b7b5bedb4adb02c
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAID4lzUnjBhvh82qDB8:SIMd0I5nvHNsvvqxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
2500	msedge.exe
2500	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 968	2500	msedge.exe	81
PID 2500 wrote to memory of 968	2500	msedge.exe	81
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 808	2500	msedge.exe	82
PID 2500 wrote to memory of 3192	2500	msedge.exe	83
PID 2500 wrote to memory of 3192	2500	msedge.exe	83
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84
PID 2500 wrote to memory of 4728	2500	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ae68c56dd9095a465f6c0d490beec220_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd66c246f8,0x7ffd66c24708,0x7ffd66c24718
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17075894322349645099,167631355944424360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5ecb8745-534c-4739-98f5-eea53ac416b5.tmp

Filesize
11KB

MD5
414ef7156c860ff1838a2a2430d5b98e

SHA1
8f0ff901e98e002c398785801d497f4506f609dc

SHA256
61cb71e2f805bdffc1604c20a026b77c3d6a9aa76bbcdfa2bcb6ced2108c6e5d

SHA512
b6d2e8ed1aaa634588163597223f3bdf792cae7bee263152682a00d6122202a0e6b45c6a60a7d9997c3ec7311fc90c5165a83e3d45165e3030f2b05d00648339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28852cf22f87386d3c6a5e8413926ab1

SHA1
ebb8611e5d8252beda1afbaa3f7ed39a8a345e83

SHA256
47328ce5ce79baf075a33dc5ed486c94f1b21068822b61341f392cefd5e77898

SHA512
99898eb5c6ef454a8d7221161e6f6f2a8c38dbefd6c0c2b6e726a1a73e111c16b0e3e6aeb75705cebbc0733998a866257e2e653b7bab0a130afc6441907d501e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38172e341852e7ec1206e8b8993ba906

SHA1
09ca353fcae24a6907f6292c3fde80abdf698264

SHA256
4c94133d5bdc640747634a31d1d4ae256fe46c123305c3fa8899aff6d8216aaf

SHA512
bf496c5d22bf9ac981c9c9fcd46486b54ddd89a3d3df29248aaaf834f2ef6f4e51d2c96abada0590d21359b7f1ba97041d0f985ab078bb4ef343123cfd08374d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e55927933f2aedac90d5b6ddb2dc0c0

SHA1
1dea0136414a6058b1ccddbd20f61e3630930fc9

SHA256
3ecec26e7bda78c0ecd7e371a6d8110388040b42f8ca21200ae2c0cc1bf4992f

SHA512
170e9142402f0b8bc88480b6a0f0fcedd8ed6776f8a3af494469113b03648b943e4ffdc66f7346cff1755836ff21ff56d584e0206582fc035a47c40836d84bb6

Download Submit