1d9514908764f458d8990a167ad09eed48cdbe2a1488c3c4248ab53dec985fec

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

400ae17b3c246acaba9d721a8c447cb5_JaffaCakes118.html
Size

77KB
MD5

400ae17b3c246acaba9d721a8c447cb5
SHA1

18a919b611906d1463436e501a209cf10211004f
SHA256

1d9514908764f458d8990a167ad09eed48cdbe2a1488c3c4248ab53dec985fec
SHA512

8656eae7b2f548d694ef4835aa0717e9b88bc456f6900df76645aae33c8748c33090658826e31f3d25f9fa5467966638988db38b0a1e22d9c1be91b4250609f7
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fc9RxHALZBL+qkbcZdcIqUp:sMirL8E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
3436	msedge.exe
3436	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe
3436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3436 wrote to memory of 4512	3436	msedge.exe	83
PID 3436 wrote to memory of 4512	3436	msedge.exe	83
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 4008	3436	msedge.exe	84
PID 3436 wrote to memory of 5064	3436	msedge.exe	85
PID 3436 wrote to memory of 5064	3436	msedge.exe	85
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86
PID 3436 wrote to memory of 1180	3436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\400ae17b3c246acaba9d721a8c447cb5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd16f946f8,0x7ffd16f94708,0x7ffd16f94718
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15074940946073699263,14513252746924034003,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f86696f0477d63893eb343223bf31c6b

SHA1
cda99dd7183d878f7bb6c35a2ffe1c23110bb190

SHA256
e9a296ca6ab2e79c477b3126de0805e4fd81b7d8000e7515f562f8cb92afddb2

SHA512
9a4167dd989f391e7ca0cb8d543c7037744780e214c6bb013ec5173e2e9943d8c6ed1c179443526a0fe63c87be3bb26bc08a469eb560149c5cf87763cd1997f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
861b739cd83b11060463e60b6b27ead7

SHA1
1c886e1027ce9265761780c9f75f7647e11a9d48

SHA256
875a2bc5370ef1a004cb24a1644ccb79221be02152d41a5f8ebd60e67baa562c

SHA512
64be8221cec502c236da6bdc65801b5396225c6a98fdd559b62823c62ea222b83f0e6ad068ccabee10cad5fc2bebe8cac5358bd37f2af14d7a033cc52be4b5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4d4c53a577df1437fad2a796585e01a

SHA1
98b587001935e0c7770348f5c2606728ec63a2bd

SHA256
429416cc518bd5c5658ed38a1c7fe3f72b071d2540dee8ce32a437a0d7b69cca

SHA512
4fd621ee7b656a8e0240acc4e02c33a1abdcd23ad74b5ab442a2716dc77b0fe67966dfd55e8fc4bf7bbdef5cb40920621ed38cd456a07c4c97529b018eb07cd9

Download Submit