2909715e6533ea6a6cb12b03de3a569696bf9143cf0ba5ed4ff066bb3bed1bb5

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4caafd0238af705d22158bdd8d56c1fb_JaffaCakes118.html
Size

13KB
MD5

4caafd0238af705d22158bdd8d56c1fb
SHA1

8b9dca57b58709409781816be174a25e28704ef6
SHA256

2909715e6533ea6a6cb12b03de3a569696bf9143cf0ba5ed4ff066bb3bed1bb5
SHA512

91fcb148277bb3514f37b77d3d5bfff4173e24075d418d5ffbdf68cf04e4022af20bf03b26053cb794fcb8595e747c33ce7517131690d2c68139aa97afbf4e89
SSDEEP

192:uVf8A+LGA7IWd4XLCOaS07nr7HRmTxP8JeZqe2Pf3T0CSiZe0fS5jb6n8e:2fb+LG62XLCPbr7HMTxEUj2PM6nv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
5036	msedge.exe
5036	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3848	5036	msedge.exe	83
PID 5036 wrote to memory of 3848	5036	msedge.exe	83
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 3664	5036	msedge.exe	84
PID 5036 wrote to memory of 4924	5036	msedge.exe	85
PID 5036 wrote to memory of 4924	5036	msedge.exe	85
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86
PID 5036 wrote to memory of 3940	5036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4caafd0238af705d22158bdd8d56c1fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa34e846f8,0x7ffa34e84708,0x7ffa34e84718
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16986590548613385569,12874712351504194132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf5148a649a1cd41d5b73511fae886fd

SHA1
1f31d29cfdfa4f6715f3df0e32567dc90007fb02

SHA256
0b206a2ef27813ffae0b9233f7985c83d15c8fbe09823d42043cfaa4a9969fbe

SHA512
c03405dd8755b2691fdb038f41a2d116c052a2fbdbf4a1b70f9b44e89e6c2b691d8db7b7686c268320814018ecfc90386f5afeb090c184103ccd6866c52f06ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b20182e8c88896945f9dfe68572f5db7

SHA1
d205f95d7dffb927a7bbf85a51eaf0cf703557f4

SHA256
f7c7e474a74ef86de28aef67efe91d27da2e33c43443d2136396a5f4848914ed

SHA512
d8fff61177add937b2d85fa585a654b7be7b956d8cc8e1dd658dc7f8a170e46f0df801441f9fbb41190285ba8ad1130fea9a7c9057deb502dd2f38b105456fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
281adcf460a00cb0bc287bf0a686bdff

SHA1
12f8db90c109392ae8fe4d01f1e7887d674a0a1d

SHA256
a3b61aba6d17ef5d23e35d2ecd88522e27319226464f1befa7a82d051c2c67f9

SHA512
93aad696da264fa2badb376f712663ea4b24f18a54bce8c45490b34562cb309b0b922fa2f83b085290c69e0a59627b3b829cc8260ce29cb9843a8466f24c83eb

Download Submit