165c47f52896d2969617b3e11db1857b907f994c62108a22175f6e45926ef995

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afd9ac66e80603febf8d899f10d90a4b_JaffaCakes118.html
Size

18KB
MD5

afd9ac66e80603febf8d899f10d90a4b
SHA1

d5650d0684687f00d55230f24c185f04d2151afa
SHA256

165c47f52896d2969617b3e11db1857b907f994c62108a22175f6e45926ef995
SHA512

b765385f3ecbc7661cddf05b8d47247d84a62e799899d074d62afb99e704720909fbb453399411fde0bf396139a045f587ce7efb6e41a9940e376d48264188fe
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoA8V47zUnjBh1P82qDB8:SIMd0I5nvHhsv1UxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1332	2932	msedge.exe	81
PID 2932 wrote to memory of 1332	2932	msedge.exe	81
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 4408	2932	msedge.exe	82
PID 2932 wrote to memory of 1784	2932	msedge.exe	83
PID 2932 wrote to memory of 1784	2932	msedge.exe	83
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84
PID 2932 wrote to memory of 1040	2932	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\afd9ac66e80603febf8d899f10d90a4b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff959b246f8,0x7ff959b24708,0x7ff959b24718
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9730287896676742940,15453105710931138951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f43431178a8954b666a139039125d6a4

SHA1
3927d2e7144a0851e789f05b279a9bbde6bd21da

SHA256
0d1f67439f6507ca3fff367b61bcbbecc20fc5ae23356e4b37bacc8427645960

SHA512
f65f9f07eacf15fb6acd55ab9ff7923343f141ad08e20437360854bdfa96eb4f967ab0a5105740c1734237578668d019289fe10ad3a408f8751ba934d7e9c507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3f7de40b48f2cea45e6424e63a40265

SHA1
0539c1a4c73559b470559e54b77a0a6e3099dba3

SHA256
5df4e51173a9574639ff9a894847fd0945de07ab5e79228ed3bec6fbb8a22008

SHA512
dc779b168f32c221936569a782ffd60ba0dc745a933406a654ab221569f33bde54a92c56114b65e0dba9a28e76e2653344dee3a2f03479cd957a027db327bcf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c49c568276191c085d9fb6c21593d36a

SHA1
778253480fda7d8c544f64e2254954e351e877c0

SHA256
8963b6418d7e25c5a23a3e3277aa2dbac502c6d0623d50dca0a601b9e4d74508

SHA512
bc31998614072cd83dbd79bad75dce4ce7c9a87d05922d446c2d3525c9b94bfc2db0824e6dd569852bf5431f83be3474d2bbaf541a92868b42a11920ce65806a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b80f1c34f5e409f58dc185b3593e35e

SHA1
384def965b0b41f2aa2f9184804a5e9473d8c34a

SHA256
d4f56a036d0831bd3b16d5b4abe12cfde9cc4e7cabb3f9394a5cb00830ee7120

SHA512
806ff3da0701963e5170cb4204e782f6172a4a55911ee5153e98a15c3375fd01281b4a9eb44b3f0926dfc2a589aa8a3d4274fbe8464bbb3ccea3f05341785e47

Download Submit