f19dcd54c5b298f4d369ffcd9b6d07ebb70c0a40f7ecf00f88a28d903e511e83

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aef01c8ba651f99f7d09bcd2b5493b3b_JaffaCakes118.html
Size

238KB
MD5

aef01c8ba651f99f7d09bcd2b5493b3b
SHA1

1e9318c7ba8a782edddcd30d4be6e91fa77e50f6
SHA256

f19dcd54c5b298f4d369ffcd9b6d07ebb70c0a40f7ecf00f88a28d903e511e83
SHA512

ebdc6a437509c9d997a6e8b83987262bf91d45502e305746ba47253e3e3566d42ff558675541d358777733b7096ba5bd272ff0232480883a0531bbac80574229
SSDEEP

6144:SwfDRCixVixc/sMYod+X3oI+Y9sMYod+X3oI+YQ:3fDYixVixcD5d+X3P5d+X3+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2316	msedge.exe
2316	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 4176	2316	msedge.exe	82
PID 2316 wrote to memory of 4176	2316	msedge.exe	82
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 3932	2316	msedge.exe	84
PID 2316 wrote to memory of 2140	2316	msedge.exe	85
PID 2316 wrote to memory of 2140	2316	msedge.exe	85
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86
PID 2316 wrote to memory of 4612	2316	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aef01c8ba651f99f7d09bcd2b5493b3b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd4fb446f8,0x7ffd4fb44708,0x7ffd4fb44718
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5800676930330983211,3456982157589703177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
d65f1f26135e9d5798a6a8d6fe48c063

SHA1
5de9ccd65d7028a0d31d2165f159a403b949ea2b

SHA256
1222fd0abb84cfba47942406c6c464b8cd7f953e180b9d7e338d1be8fa29fb5f

SHA512
8b470e0cf29db6f065f785f478f5392c78ab3cf4261f2d922906652a0f134c54cf48905aa0077ec5d598631eb049d2ff2b228833a0c2ad50d5be6c80099c003a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
679ba1c9f2953204214c98ed448928d2

SHA1
d2ef2f6242a7a92386703f264335d97bf82dac53

SHA256
36ce237bc64684f81cd72ee3812972135df693cd380efeb7e97eaac488dd6bb0

SHA512
fee6f05cc8f6dd7815c8b2632c38111e98f19250cc0ab37800c5e439e9ef421ac7d5644c92e3c513dae24ca816d7e5c1ca0456bcf6b3c672f21a970e56b8f71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
452f446ee46883665b1e736d0f7ec95e

SHA1
0bb1e9d240c57cf8dbd0fd3c6fa0e347fc40643c

SHA256
ad4807d5238b4aaf8b550eb222eb50514b0d6fc8f6f53afe46b948b36b39e2a2

SHA512
393520d3901536f76ba4f0be44a3cddf255208f224278d96e31f2f32f7b3f25b191d9bd2021c9da7155faf70fd9b66e5cc637a7d63a5e373487cf71afe051873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc39a895fa6eaedfc46b4185e03f0f63

SHA1
ddf5afee820ad529cd223213da80c67304b632a8

SHA256
e9122819f72acb2c5e70fd6ec54454043f5436fcd9e798c933ab059726faa42f

SHA512
27992aa1cb3532e52c636bd338f64bd9843ec624a365e648a3fa490608d3fad2e774b975663ddb6201066e806a0ab4d87ce66b6255d5329b124c1c33dc857064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0dd24ab7970a50dc4635e38a34cf1639

SHA1
515d34ef12bf5bf2019ef6b8625cd912c0079e38

SHA256
711a9debbd74507fdb4b6fb116c2dd645bc3f4ccd9a4dc824c992d6fe109fb58

SHA512
6dd7ddad6a1e49c0ac539484dbcebd3c8dbf7b089ece9735b8866af526da82b5b36b53dcec088859ef50a47edcf6d61d4799215c68262c77c913271554291e35

Download Submit