3c970637e3aad4bbca0c3b676f6f7d259f577fcddf71baf6813eefecf362bc0e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60f0f47e29efad10c09f1790c411e974_JaffaCakes118.html
Size

157KB
MD5

60f0f47e29efad10c09f1790c411e974
SHA1

5ce755dd2cd0f5b27e96c7f174b6a1662ec82011
SHA256

3c970637e3aad4bbca0c3b676f6f7d259f577fcddf71baf6813eefecf362bc0e
SHA512

f77fd32754cbdb3fea4af0cd71e0701635c95d3dd1513724e0ad78c8a60cb45feecfa08963a16b82733d106a49fc807d57fee83862c92f9ff4620d7505b68b48
SSDEEP

3072:7zTtKSS3B2UP13G4k5QhLpOatVho4dj4Uji/fNbYaaLStRwnxWUu/v66sbsGon4T:3pq3G4k5QhL8atVjj1jofNbYaaLStRWL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
3944	msedge.exe
3944	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 2992	3944	msedge.exe	84
PID 3944 wrote to memory of 2992	3944	msedge.exe	84
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2156	3944	msedge.exe	85
PID 3944 wrote to memory of 2120	3944	msedge.exe	86
PID 3944 wrote to memory of 2120	3944	msedge.exe	86
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87
PID 3944 wrote to memory of 4972	3944	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\60f0f47e29efad10c09f1790c411e974_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a4b46f8,0x7ffb6a4b4708,0x7ffb6a4b4718
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11041961878363364287,6140502456540006400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2e69913164cd7f24aec4bbcefcfbf66e

SHA1
09289722c3fec0bb0a5c499303ed0bd20d4ea781

SHA256
07be703a66c12275e9e258c9c51ab374def1377acb89633d44c84ad8dbff893c

SHA512
9f08fb3ad61ab76628d1661b492b7a6bd6890d30244c9f4503b9861b2b6ed5241e052f297dab417fed99cf80f789e4dea9a4532ed6bbf968690a2f821781ef64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5c99046e4e1865ec87a33ac431d321e

SHA1
fdaf288fca6571bfbd9d81c8fbb95054c093e52b

SHA256
ba331bc05bc056166945cc42f982cb38065b04c4b2b8f83f0d3bc0e745d1309b

SHA512
ece0f4d6c9d36e3a5f7ddd62b7ab8860022c20efb4a33abb6f37af9cd07f1036d698a26968605ddd44b88a93ffe4e0d8209cb5deb8bdb90a9da8d2f2824670ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f096eaab958689b79110ad26dacb450

SHA1
7c0bd021e29cb7075e0bee5413a4a2b7da2493f4

SHA256
47407ed85e58166397cb55dea25800ee2379980f5425470eb44d51de868d526f

SHA512
1348e297b7ded31f60e3d588121e8252dce89779a3e4ab7a6ce4dba1af8a15f3048f7bb77e65e35233df814cea65c5af8c4ccfe1180bce10260a8461389617ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9b5fee705ff85ab4ab9b39e420682de7

SHA1
c2f4e4262ef60d6b96383fd18014011637a3e29a

SHA256
2e8ad10f3784409c4cb095eacc1c0d665589dac870b2b11173958d6a450ecef8

SHA512
c51a2ce004109ae4581b6af8970ae293d377cdfc7656bcb5193e65b51f5939366e93edf768d2ec7edda2254a5c27544ac248cf4526cbfbf931c267d2733828e4

Download Submit