b319b077a57897635d5c40a887f3a94bfd35cfea21272b5499956892e3fb4654

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa8775e67384b319fc61c0daa65f470_JaffaCakes118.html
Size

140KB
MD5

5aa8775e67384b319fc61c0daa65f470
SHA1

5f3ea15a09e62425bca38ae0ebe0aa3d8cd56aee
SHA256

b319b077a57897635d5c40a887f3a94bfd35cfea21272b5499956892e3fb4654
SHA512

9ff5c8a73757172389617b804ceedb791ce570079855b79c92e4985ad4a393aa21b695872eae39eb776c2beee1f4a54445ad2218c9f25c95f92ff5baa9fbdd74
SSDEEP

3072:Jx9KHBtHeTlQr843g1tHJnufQqwrDorlruis5C1QF70+DJPa0gyafO8nhe:xIgtufQqw3oxqcQu8q/e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
2504	msedge.exe
2504	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 4348	2504	msedge.exe	83
PID 2504 wrote to memory of 4348	2504	msedge.exe	83
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 4088	2504	msedge.exe	84
PID 2504 wrote to memory of 2348	2504	msedge.exe	85
PID 2504 wrote to memory of 2348	2504	msedge.exe	85
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86
PID 2504 wrote to memory of 1248	2504	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5aa8775e67384b319fc61c0daa65f470_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85baa46f8,0x7ff85baa4708,0x7ff85baa4718
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17590214259349289096,8135550426728208598,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
546B

MD5
f1b3c295f3a9be2d5a6c65358aaba436

SHA1
1d7055b57bdee1cc0e80afba889ad0d6356c0c8b

SHA256
63d34fe0b908ae4c2aec19ba57a1014d871af1fc303234660a1b90343afcb250

SHA512
c84018d0adcca6d4d62e17387a6001d922bb448b03a5591af281cf54f763bd226ef26c22e02ba110a74d161cb06d72939fb8cf49a2c9f2c680dd10450439a05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4a190aef79e5916b7c0809c69d0c72d

SHA1
d13efdf0c4c9434b828608413604175f5a631cf9

SHA256
24a87fffce626a13ac2485d1cf3c61d3fa22c8a76859407d83f0d90c5f5af02f

SHA512
2307f2c29606cf699d13fd61268dfb8e21264c7152bcf9acf88e5f515f0c9ea13f1aa78793ccfd8fea8737dbd9a4a68f71733224d0973b298ea7295937d70184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d9004d5d63091f74bb28b90e27b3cd6

SHA1
8aed17c0f1e776765679ec1d6461474830a97831

SHA256
c1488a32cf1796faeb9efbcb6e9d0fc8618dac2e8c2b6fa15f6a1324adb3e43a

SHA512
2cc70a423ce73264d102963f0b8daa25bc547274c5130736e570b32968d8c18ff4681983d0519c19e5f4b902a6ff6250563ea42236f1d6b8c973edadbf8b69f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
437d86837c2c72d0ec429309c414360f

SHA1
4f5bc9716bfaaee2a9afde123c9bef64ccddd55e

SHA256
b67376e9cc99e16c791fd20600737005760c3a7eaa7200e39b6365ef915e5689

SHA512
67c456777cf50354f95c6d31437020c877d0ccec9083520194a0837647611d7b6318f30d2af80d7c304a8324db5524208d40ab33565644cf703231591051af53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bc3b8959e4facf9b2c1809f1a7d3e80

SHA1
a505a61f134d6b1c74854ce28a0de652e00e3f9a

SHA256
337700faf5222de64997643b5a1044f35fb6904becd45911bba9e4c017c02af1

SHA512
eb2710fd03b60c5426ea5a88fa9502a9d050a8febd13c1e2abe18d8b21eb9421b4138aa826b9666489d7f51d5fbf7b306abc2bbc63cd29d2e08f6f9b0f4c9af3

Download Submit