60e43a122745f25be1b7efe98b0e1e136d58d5a1d41e1008f059755b1097bfd7

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1467afb53af3b33732d879bd581db0_JaffaCakes118.html
Size

121KB
MD5

2f1467afb53af3b33732d879bd581db0
SHA1

5d4c8bce0c2a194ea4623853d070fa724a915b3f
SHA256

60e43a122745f25be1b7efe98b0e1e136d58d5a1d41e1008f059755b1097bfd7
SHA512

d7305977b011c080f5d53284d4c7d74f2a94421918926691c2c71d2ef129592784c32a7e4f9621e4f6859a66fab6c2108141227c3910b1e68d7061cb44bac6db
SSDEEP

1536:Zjw7YCn/88xmx93QLymrSc5wXwGgmxiKV:NCE13Vk5wXwcP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
4532	msedge.exe
4532	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 404	4532	msedge.exe	82
PID 4532 wrote to memory of 404	4532	msedge.exe	82
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3200	4532	msedge.exe	83
PID 4532 wrote to memory of 3068	4532	msedge.exe	84
PID 4532 wrote to memory of 3068	4532	msedge.exe	84
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85
PID 4532 wrote to memory of 1312	4532	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f1467afb53af3b33732d879bd581db0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78746f8,0x7ff9c7874708,0x7ff9c7874718
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15984637787141599949,7395653275972056952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de1d175f3af722d1feb1c205f4e92d1e

SHA1
019cf8527a9b94bd0b35418bf7be8348be5a1c39

SHA256
1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924

SHA512
f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
06b496d28461d5c01fc81bc2be6a9978

SHA1
36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa

SHA256
e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507

SHA512
6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec5e69e9047354f33abce045bc1873bf

SHA1
6b1db7c9acae0c596524843f983536f71cc0010a

SHA256
497c94247b355b05a02e2246cf1256db4286c71dbdf5af9bb1e0ace95af6f013

SHA512
1aa1b09fc9ae84a3dfd020961ca9b71c509bce4eaabd747bf7682c299708a35cdf19f1e4d4651abcf8c3fd66e9b65bc6eec8b90c73f2786dfeb575781d10a6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2c8113a8290aff304d3065d6c9728a7

SHA1
6ff2f1a29eddf5decc3fda8f814ab06a0b723c7d

SHA256
c6a524674e651f885e80169bfabee6a8de6efc53e8b3e0403a63076fb69766ab

SHA512
3d1b44e2a491f2e245eb6985547a4138cd506fa659bc5b98097667908a6d66d13e6a1a39be7c5647623d12c62ad098dc56475d5fff5c52e8721dec9bb21765e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
844eca351ad2d5046f36931c9b29b5f4

SHA1
b451b396b48c95ea63d6d26ee0373e2863f5323f

SHA256
763e0df4462ab2a0b24c1b949c562cc363acfe0fdab10f37d74554576b08d503

SHA512
004017728a75fbfefcd08b303c55f00450032a06fd043698dc4f7084219fef3ce7399388b202c44477a29eebe6f7e3a39674379e271680a741556efa04396a50

Download Submit