c15f805548e323dda938047e68302b10ccdeaae617a17362fe3e3a75da1cce13

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

281e430f9d65d883e4fc94da67676038_JaffaCakes118.html
Size

69KB
MD5

281e430f9d65d883e4fc94da67676038
SHA1

6bfe09163f8d1105b57fda2c730d26eac09f405e
SHA256

c15f805548e323dda938047e68302b10ccdeaae617a17362fe3e3a75da1cce13
SHA512

2981def6d689c56259b372f86a89f54bcce4097130aef134ebe0c7dbfc585cfa09703a9f3e5633ac811731c94c2c1f933f9f374959dbbec812110903acace052
SSDEEP

1536:C1eKVhnd+xmBgm6hIDZJTrBtnrnHVVW/Sb8RKzahF:CAKVhnd+xtm623TTnrnVCKzahF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
900	msedge.exe
900	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
900	msedge.exe
900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 4500	900	msedge.exe	82
PID 900 wrote to memory of 4500	900	msedge.exe	82
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2096	900	msedge.exe	83
PID 900 wrote to memory of 2424	900	msedge.exe	84
PID 900 wrote to memory of 2424	900	msedge.exe	84
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85
PID 900 wrote to memory of 2708	900	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\281e430f9d65d883e4fc94da67676038_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1bf146f8,0x7ffe1bf14708,0x7ffe1bf14718
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1949250891231939312,16736553966194510135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
edb75e1265acf023c8f26de0ac665b07

SHA1
c035e59fbd8c637121b7b64f521e3178bab39533

SHA256
09c4b86f9eb8d45e13a59a65c2735e26729445ac8d34d1cc57eaa64643f92506

SHA512
95bf7a261843d79c6efd76cf70761081a54bb2f5193b069d22531dcaa51eddff13922511cb9269642f028bb16fd8f21ec1b050ff56268af5f0bb1836a52bd249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0310631607db5c270d131b80f9bc0b6b

SHA1
745ca46c4c0ddb2b2f43c647b176fab0cca458f3

SHA256
9794e51cc8bf1cb95645d467d9b5a9e3b350c80b05a0faf42614b1b68519b7a8

SHA512
e68af52e79a7ca99a3680476b7ec87ba37d2606de089030d04bd4e36e312163701681304ae54c7db859600f44eaad3132dd81a85e5d935f48eef6ab79507c0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df1f2718a26a5fd89afa288ca48d511f

SHA1
6ed0eeee931cba634b1ea5d2bcf166811189840f

SHA256
9f608a30e6c92f8ee5d631bbe2552da62d7aaf3dd45f3c89efe25f2a45a73d0a

SHA512
efc880473821a7846e01a095a889f6bffdfe6b66175278ae2b12a9509db43717ac1a02290ee36b8d58b489e1a7540a4082b908f780f2df5a71b5267565df6da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7adedd7256a8e56124239048a155a47b

SHA1
eeedab7cadc8df9a9857d4e39fb2cfeed975002b

SHA256
c8f16197a01e8ad005002b09ac422f9d5185dcc1df8530e81a32ec4157436dfa

SHA512
e0add4ebca109be86c6c8143e69de1bc9d2d36b3091a5b6968f1b9b4bc35c5d0fdfbf481bb114a01ed17d18e10ff52b87de4fc58719b8f886d2a2397a4dd393c

Download Submit