539b90467926725262ddf71a1aaa3e7c6bf50f1ff19c65dd42297269f740e0d6

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

475b867be332bd2e94e212e9a9057782_JaffaCakes118.html
Size

119KB
MD5

475b867be332bd2e94e212e9a9057782
SHA1

6920d265acf704035b26d653281b02543c2e45fe
SHA256

539b90467926725262ddf71a1aaa3e7c6bf50f1ff19c65dd42297269f740e0d6
SHA512

5be4479c6113cc3dd54ab64ad8b15275ea1b9d5124acbaa5a6398e3211699b0be1a5011995eea791f9d0866d807021e8017e4becb85df926b4685aaccb3f4255
SSDEEP

768:QxnXAt++RJvepSklvUdA5xQS+g3wzCQTmhc4OAz/CxUaf1syMp6rWny:QVWtaSSAAangMFA2ZV1sTpEWy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3888	msedge.exe
3888	msedge.exe
4664	msedge.exe
4664	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4504	4664	msedge.exe	83
PID 4664 wrote to memory of 4504	4664	msedge.exe	83
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 2760	4664	msedge.exe	84
PID 4664 wrote to memory of 3888	4664	msedge.exe	85
PID 4664 wrote to memory of 3888	4664	msedge.exe	85
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86
PID 4664 wrote to memory of 2424	4664	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\475b867be332bd2e94e212e9a9057782_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc014346f8,0x7ffc01434708,0x7ffc01434718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,333171076236289427,10129211589446470949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\098f76b4-5d16-444f-a7cb-2a8c217f9606.tmp

Filesize
6KB

MD5
795ae12318a91b40b784e55f17cfdb0e

SHA1
c9e5ea52b327dbe80926d508f12ffb31d91167c7

SHA256
f13cfd7d7e70147c164623788f260ee1bf26513e3cd016bccc4d77b634cfdb2e

SHA512
22f22ed13ffc243066a287c310e864c4485461bb0fac7f6e5530dd82ed649af1657f531edc97aaa608ed487ecd022f0e734202fe438994d2ad93cad9e0cf0ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6301c04c6366a728c18b10eeaebbc632

SHA1
23eba2f049f2cf196a3d7de7f095eaf6feba9e6f

SHA256
95c81a09ee98b2d2ce8b666d0eba9d591be78bbbb4f87c483a325e3398decd1e

SHA512
c2eefe3d0ee5ec3a2f8acbed6c31050e3cb2f41d68e7c123d4daacdfc896e839c9b459896e3d559df4e6ddc7c3bf28d6ac7c88eeb7a2cb96bd91f6abb43d97e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a94375508aa60c67330f62d63e96197

SHA1
b7d5abf9a56c866b9aabf67f79b5a7683b4a63fa

SHA256
9c0bfbf0a2e6b164df7d2662d87fb51a6f09004788d64254635778b350239cc7

SHA512
fa2ee9f8238521110ef3951148aee4d66cf0228db5a2f0ab3da3a9814c8e192e3a5777bc60a2ab273711e2b6f3a8d06f93018d3b9ec0f093e458825636b11bd3

Download Submit