814eac7cddfb9938fb3c1a3bf807807c46dd81f2581d31d419ea424dd855eae2

Analysis

max time kernel
148s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

175358306463426c711e6b46129b8f3f_JaffaCakes118.html
Size

237KB
MD5

175358306463426c711e6b46129b8f3f
SHA1

21d3c4c67c9ec2e048f165ecfd221268075e62b5
SHA256

814eac7cddfb9938fb3c1a3bf807807c46dd81f2581d31d419ea424dd855eae2
SHA512

ada77e22e34213e4bb97599c1772bd9fa300ac83495ad081156717a6afc807b39fc393199b2a83f6771ac485b32fa2266910d2cdf576d713e5c609081f28f523
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcWanHAeifLI42aN7qBpH1TJcZLieQ+p:sw3wL77c6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
1720	msedge.exe
1720	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3596	1720	msedge.exe	81
PID 1720 wrote to memory of 3596	1720	msedge.exe	81
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 1496	1720	msedge.exe	82
PID 1720 wrote to memory of 2452	1720	msedge.exe	83
PID 1720 wrote to memory of 2452	1720	msedge.exe	83
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84
PID 1720 wrote to memory of 4884	1720	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\175358306463426c711e6b46129b8f3f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12ef46f8,0x7fff12ef4708,0x7fff12ef4718
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10097630882373041382,1398566778757614752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9cb7a45558a492803c18bff41cc560b

SHA1
52921537fab829565f644864f6c548bbc416d796

SHA256
feeace497d6ccc7c468657065506cdb4148d83839a312c59984820e31f82e4e4

SHA512
70b2d96e03a62f3a25874579fdab6fad14980ddf9d41e72ba1b4a3504937a7757d67b3366876e9e303f98a0b2f51803c3a256934c1326bc7533b9b3c88d51253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
beb0c6f2c8283f33c39ff1dc628a43b9

SHA1
194b506faa5603873f61f9f8f301cb657a7a19b7

SHA256
c5793ec451f3141cfcd6503f039aa2405d5f2b4dacc7e8d8d5b280e024a69117

SHA512
08053de6bf5c7fd9a39f2dc17e88cf7e7008e7b099bc7a023b24a03df921ebf565d82282fb40b241dc03266a8022ec0bbb7a39846004f21f12e8d52b954b994b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f8d7f3665a17b8f8b7eb27bc041200c

SHA1
0f1aaac1d81f6c18b0378fd80176491412c9f40e

SHA256
c9660968414348000bdb9dbc2dab8505956fccb7df727a3218bb48e6b22e6cb7

SHA512
79b4e4f33a70f00459f995fb23a634d7cae215d3d80091da52ed671607af13cdf04a890e97351f8819a0858899de0ec2934bbae0fe11053fdf78916df993e8ba

Download Submit