9f02c58ba4aee845b2c78c9be635b3f9d5712a436fb20d792ef7077932cd15ce

Analysis

max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44c9581d6e14989c6299ad39d85ac743_JaffaCakes118.html
Size

194KB
MD5

44c9581d6e14989c6299ad39d85ac743
SHA1

7032a7f590619b446f580ac2e8f017bf589c7a11
SHA256

9f02c58ba4aee845b2c78c9be635b3f9d5712a436fb20d792ef7077932cd15ce
SHA512

79f326832c37f525edf85516abf5bb31596696994771ae91f808dd17f72b456d7a6cbe19d0bc74f3008ada21b549d4eb6c2717b2c416173ff8f464f34c520d2e
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fc66EHAb2SLtbPS2cZKNFlbp:sFy9Lc2f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
1892	msedge.exe
1892	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 4772	1892	msedge.exe	83
PID 1892 wrote to memory of 4772	1892	msedge.exe	83
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 2600	1892	msedge.exe	84
PID 1892 wrote to memory of 4968	1892	msedge.exe	85
PID 1892 wrote to memory of 4968	1892	msedge.exe	85
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86
PID 1892 wrote to memory of 3548	1892	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\44c9581d6e14989c6299ad39d85ac743_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc597246f8,0x7ffc59724708,0x7ffc59724718
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4614764615603922434,15044153682756494434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3586e4bc9e620b6cb2482875d2091b89

SHA1
3055e9bed88f1017d99e1e4134f76cbd834e62b1

SHA256
338a6a560f16c19c0d631609596fc74968a7c85d8518accf5fd6386f5327f963

SHA512
03247afb9327175fb0aef929da664081a114c496b53295f034dff5eab1aeae00895dd3b881434732d94bd0d9a75872adec719a3d70b08258da2ed7241ae632fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c6edcb85a1ab24d90bde6f45c378cb2

SHA1
309b09a85bf3452cd439b0a046249429ed389b34

SHA256
976a9655d03e91ae08ebaf46e08d3680da1c9f865d0e49bd9258e63a0fa1d8ef

SHA512
9bfd1dcc62f61996568ae67fb9ca28385955ca892b76055d4f89aa28232467206d0c02f5552ce9ceb27788ec1677415aff72fda8c56a6385bd65998505c12b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
600d9b2f78d0d9793e659b4e6a087555

SHA1
715f9cb3916c06a7997f7a39b9df19ca6539a3ca

SHA256
930697172318b05baf7ff38e02ecf4a759ab4c8f9cc18ae6274a0219611a7197

SHA512
bf01ab664cbd726e8db04f2127c281fb0abbd340d5584085009a0031296dd9f792841c8a02b6061c136ccf1c4326d12527ee87760eeb69acc1a2f374c8a958d5

Download Submit