9057dc24f7e41af2bf62ec465801cc309c695778f188cf3a673127448a835003

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

317938a28302aec94e2ce79afebbccda_JaffaCakes118.html
Size

1KB
MD5

317938a28302aec94e2ce79afebbccda
SHA1

7f0a2fba0f8003dfa6cd7344d954f1840c4baa92
SHA256

9057dc24f7e41af2bf62ec465801cc309c695778f188cf3a673127448a835003
SHA512

09825350d08ff615dd7348731ea1f8aead15c5e26e6ccab325840d89d27d4f86278d9f9562559f76ced408f62841bde7624f55621ba16f7ca7827b8d30ae3acb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1168	msedge.exe
1168	msedge.exe
3568	msedge.exe
3568	msedge.exe
1292	identity_helper.exe
1292	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 4764	3568	msedge.exe	80
PID 3568 wrote to memory of 4764	3568	msedge.exe	80
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 4416	3568	msedge.exe	81
PID 3568 wrote to memory of 1168	3568	msedge.exe	82
PID 3568 wrote to memory of 1168	3568	msedge.exe	82
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83
PID 3568 wrote to memory of 1156	3568	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\317938a28302aec94e2ce79afebbccda_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4a2446f8,0x7ffe4a244708,0x7ffe4a244718
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1049962540349359601,12568418814365856959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dac3d4927fff84066a399707599a1a2

SHA1
b42b40f2c59013389f65bd5083c2800ee122a8aa

SHA256
be80144f1d41ffbc6acd1015ca2143e03fd470806839a6ac92395c366699c633

SHA512
4b5ac4de343943c93ebb6921e7f8a4ecfb1213a83057fe9b472f8f0268a7eb8bd5a8909176880890cb0fd2a942af8e99d08b396105b1fd9ec89866bf2962f41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1aa9d101e9c877a15ea9377ce25deaf5

SHA1
17e429ebe6a312f57cb0a61ec73a342978a3752b

SHA256
262d409117d36a361b4fa71e4d67cb35d762fa32b142f87039640b69451962dc

SHA512
dfba35581d1946c21049796203be27387145e3149043d226862ba2f4da68065e8dfd0a884cd0dbdcadf7e122b6bb2fba36035640880d403ea2b5988ebd035cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4fa07390310aa9436b647107dc7431f

SHA1
4bf7a61a7262737c0b2ef20a169147308a30349b

SHA256
989a3ae0d412214eb54c4dc1462732e396ee6f805ffceaedf4b48ec51b6cd7d6

SHA512
3c525b19b436a44e536ac3bf983608608f7ba419822d4060be172383cbe2fccca4056b21cee866fe46e2350684cb9456b64ca356c910536028b094e9f3b9cdd8

Download Submit