44f673c74b2694bcd40470ad6398de83a5c4d78a8e3cae4dfa80536d60b9c6dc

Analysis

max time kernel
145s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299004a4b76fa369d8918c1e63757f87_JaffaCakes118.html
Size

18KB
MD5

299004a4b76fa369d8918c1e63757f87
SHA1

ad798e4a81fd734fd562c341a80a6e982f155bc0
SHA256

44f673c74b2694bcd40470ad6398de83a5c4d78a8e3cae4dfa80536d60b9c6dc
SHA512

4420a5db76b15b0baa4535951df1bbcdb6624790ee7b724e184b18b3ed40e949503fae06031e0b0503c634dc3d41a891f11faa53406ec8a31359b8f5de734702
SSDEEP

192:nR7lIsrL1u2Wtx4+A5GTHzihnzp/1VAdm5ip8k/w1wvqLkw1u0vLuBuLbdU8d:R7lIcitx4p5GTHIp/1VY1D/gRu0zguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1172	msedge.exe
1172	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 3008	1172	msedge.exe	82
PID 1172 wrote to memory of 3008	1172	msedge.exe	82
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 880	1172	msedge.exe	83
PID 1172 wrote to memory of 1752	1172	msedge.exe	84
PID 1172 wrote to memory of 1752	1172	msedge.exe	84
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85
PID 1172 wrote to memory of 4640	1172	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\299004a4b76fa369d8918c1e63757f87_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa648946f8,0x7ffa64894708,0x7ffa64894718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14001241939907991238,10416189448166310242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ced816b858619c63bc1cb18b1c3224ce

SHA1
5ba0e035b348d1b3af2d7079d258614381058136

SHA256
14a14d97c6b37bf44fa9b21cbc472bc159e876457c7eac6fd9af735768ed474c

SHA512
590acae53a326bb1bf781583919f649b9323abab977c0ac424fa41adf590f0c197187870d7f073b8b40743ad3064aa88341fe448ae10bf29e87500281f09ae5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3740c9cb939595ea1a1a212059034fe7

SHA1
f398513bc76152911da01f4b154c76e587879640

SHA256
90f57ee1d350d36bca3eba95f86d3651a264bca00c58f73c4492af6fa238a57e

SHA512
3784f6795ca87e524cae30d3e8d8bbd38cf52de0fedc4167d1ae7e6b692973be564bf9fa96284d5e27ba83abe8946968b64ae41f0c5ccd5ae8ee1d8e1aed35a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
912e77183172f892aec3ae58bf5d26e6

SHA1
10685767372ca13d9db4fd067ebbdb834c74103d

SHA256
8a94c38ba190eb0f8ac127d174f865bc1e953190b43959974be63f2e57124182

SHA512
15f0ce6c3e6ca63551466fad46a3d744a522d2c03f8c7484f51ef7a3e3e6741b627e368e75924354a888cd1e91c1ffbfa7df6beaf575e4609b15f7d2543107ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
831e3eb7db080fc1129e52abe344ddae

SHA1
7f673b5ab0bb1fe0a5ce05710491142086a034c3

SHA256
ee93774c6ee0c928a0f108ddc2f1debef04163cc662c8754669e460d9c8c97cd

SHA512
30a4f9134762aaa108f53602468e304b9397114f8b41f1e4694f5250b085f68766e38d479b7e89a719ac325f0ae465affada19cbb7e8d7a37a4b65d6a95cbb76

Download Submit