b66657bbbcbab2d513fd92c7fd0bab737671caccfcaa12f8692ab6d7665a7f6c

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16039755d3116365525b75a45702a374_JaffaCakes118.html
Size

827KB
MD5

16039755d3116365525b75a45702a374
SHA1

ab101b8d8994f06f8ca2fb8b6124977957f4e0ca
SHA256

b66657bbbcbab2d513fd92c7fd0bab737671caccfcaa12f8692ab6d7665a7f6c
SHA512

68dcbe20997447cbf306966e9bf1b1816ffb1157c77b9e2a30165079c3806d2853d7dc0a00e4980847e3e9ceff410acdf559266b277ab2b2b4b12e21edf9639a
SSDEEP

6144:xF5bpBQGlrJYrEiiV+Ptmp2GRCoXO4W8xVdGda98HrbOFYQsUk/cvLgqogViBv9h:xF5bpBQGlrJYrEiiEPgS8PUgjk/cvFxG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
5004	msedge.exe
5004	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 3756	5004	msedge.exe	87
PID 5004 wrote to memory of 3756	5004	msedge.exe	87
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3612	5004	msedge.exe	88
PID 5004 wrote to memory of 3352	5004	msedge.exe	89
PID 5004 wrote to memory of 3352	5004	msedge.exe	89
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90
PID 5004 wrote to memory of 3816	5004	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16039755d3116365525b75a45702a374_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11047492894066502149,4246950579181588200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\524cd1c4-92a7-4d72-8577-c47256ab2060.tmp

Filesize
11KB

MD5
e578f2aa51c98b41e8faa3d263428f8c

SHA1
7e31e8af01c8c8d882e394338d571822b27a5b7c

SHA256
4087643de59a4e6bd97a7bd83048992644d0d3f4151c1496806707f9798c961a

SHA512
1454eb540953b08470d7881850a4de1d7da56e666180435f4814db906fda8ce1eb5c14ae2ffb18a8bed6846c7b4dc0e797ee3194b2e0085b2d266bcb2dfd9fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d73140dd47a8a092cced37dd29965d69

SHA1
c79ca95c707f4356867e2506347e0036bf8a12ff

SHA256
cc0e71d0bf6b156d7637ff36f942539464acd2c4ec316cc3265ff8181586c019

SHA512
e2315abc533f7fba20638ec6d79fadfca0192290f8141080e8c74c6e8d86d4c3a5e28be74265aa6fd42c67a32991272e23e80910f80951be48cafda612f747f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18533e9ef9b4f24c72ba763333ae85b1

SHA1
806ccaede313f9a18826a0139f5b3d7376bea5c3

SHA256
71ae0b195275031db3863e794831cbb3ca2c082ca49360727bd48e18f4d94f4d

SHA512
c51d6b7546202779e9962e4ecc199d8e475932e1db21b8e1e002488c7b9a1657ff433472cad1acbd167a69df2fd220e18cc46f8dfbb242cbacc3af188b0b59cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00b944688f24488d6225c8647452f6c6

SHA1
1edb15e3c720583f555e87f4acd2a9575a55d1b1

SHA256
d22fa34960c68902ac8fe817e0f41eb4c9d21357d65d2379f53c2ede12fda832

SHA512
600d2f0bb479d42bb8354c0c96e719f0aad5d92834c392df72da7918ff66b0d01b4cc667d9e00a1a021413b52e6e60e81a2d134b995abe844aa51a67a878b5ae

Download Submit