b7edbb97021ea1b6df91039fb4f27a08c7edfaa7f505d21322895c0f9afe5fc3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60037ac76e4e171ef58653cc2cbc8285_JaffaCakes118.html
Size

120KB
MD5

60037ac76e4e171ef58653cc2cbc8285
SHA1

bb35249a3986e67e0af6fec0f792e9c9a1fb2421
SHA256

b7edbb97021ea1b6df91039fb4f27a08c7edfaa7f505d21322895c0f9afe5fc3
SHA512

0be23cc97e9f9a66f8e1ee7cc601b7ed55580660860c5edd9dc2f787f890a83ec49628d4f2ce38b1c43c0f52657696a57d8333f3eb2fa8c632b89f1c88943ed5
SSDEEP

768:r0x9qrvLm0vuo7Cnv3UWTsnrVsrYo+3GyVrTJpgfFQhT20qHAKTan4WFXD7O:r0vgTHj2nsWorVeYHTDC0qgKmn4WFz6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
2388	msedge.exe
2388	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1996	2388	msedge.exe	84
PID 2388 wrote to memory of 1996	2388	msedge.exe	84
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 1568	2388	msedge.exe	85
PID 2388 wrote to memory of 3500	2388	msedge.exe	86
PID 2388 wrote to memory of 3500	2388	msedge.exe	86
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87
PID 2388 wrote to memory of 388	2388	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\60037ac76e4e171ef58653cc2cbc8285_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4ad746f8,0x7ffd4ad74708,0x7ffd4ad74718
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17236054639771611074,14598096205036924092,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b02e60490c884d62aa6579c64fc9721e

SHA1
31ee25a90ffbc9ee85e2c2f024a20293afc8ac86

SHA256
002d89a07315030f6435ad7ff754ac6a203c4d37d613ff7116284161fbb19b14

SHA512
4e60355f3bfd3de736de348a0fc10d9c670cd2a08bcddd0fe6431e70d206ebfb0b44c4ee1081259f234dc1b06dfc64625c069549fbf2e947b299e523311d7662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e44dc803acab3595dbc25bcdb2ae287a

SHA1
d5a9f392b7fe83de413c1f754c61b73bf0414478

SHA256
443c21e209bc1449acf099cb61f6ee8307af9c3a2fc941cda05675e5bea8bf18

SHA512
f2278b2f7861a518e2f942d5ccacc06e3862364951e1b226bb304a5f1bd5b091fb0f08283f1060f552906af93b2df40ecced080d76fa9bf40edd21e2feee6e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7180567f707eb5564e8051ec119ed4a6

SHA1
e874b6cc2d0122755137cafbd9bf355da4430939

SHA256
a07699d6d9bfbf7a88ad7657b9c6d7f250ac851af443000c3d29e3507a24989e

SHA512
8e91d93c512194c4e0536dea14884f2e997891d5990fa6f7b0d742e0f18d9f3ad3a913eb2a31134e70644b5e0fbc7236bd085ed64e3028b469de2fd3605bfc16

Download Submit