628c91ad8023c7a559e91504db45cf342d25f09a0b76abc473906d1083ba96e9

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6426ed83260fd1af77af29acaa6fc708_JaffaCakes118.html
Size

120KB
MD5

6426ed83260fd1af77af29acaa6fc708
SHA1

4cdcddf038825f8281e42621607ee6507fe6b561
SHA256

628c91ad8023c7a559e91504db45cf342d25f09a0b76abc473906d1083ba96e9
SHA512

bc77defa6f74fed60687544b758b3859d5eb6c86877d9278e014e6618f125d8f21739a0071225998abc7f514bcea27b6a8473ea7acb6ed82b3cfe36be94b9b30
SSDEEP

768:a2xMVGkJCvxbvcqMEX8vw6vD8V5gpvoNl6clH1Hy1ffCHmMSPPM7MkN+uIf:Xm8ko9qo8v8V5ioNwcMfaHmMSHM7fo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
1064	msedge.exe
1064	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 2912	1064	msedge.exe	84
PID 1064 wrote to memory of 2912	1064	msedge.exe	84
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3856	1064	msedge.exe	85
PID 1064 wrote to memory of 3060	1064	msedge.exe	86
PID 1064 wrote to memory of 3060	1064	msedge.exe	86
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87
PID 1064 wrote to memory of 4040	1064	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6426ed83260fd1af77af29acaa6fc708_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfbc146f8,0x7ffbfbc14708,0x7ffbfbc14718
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17556047016789332164,3302493650592847625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8ad91510bfc0664794416902a5b7100

SHA1
b1dd1f5d20c9f5adde134c810c5fdb046a9a67e5

SHA256
0205f0689911aa70ba3e6306a3bb9be29f7b0be464e24484d2afd3a7264e6709

SHA512
3aaad25ca7b4bfebd845fc62459bedc7d8b76de31382a77ebd251a2d592da1565c9bad998162794d21611c0517568262ebfd394fe69ca317f65d3a71770c31e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d974c6609e726f6456301d6c0fa287fc

SHA1
066f754869b0a13e4105190fe8c6683f310116d7

SHA256
b5ad6da803ebc13b207c714fc5608934fae997f3e4097f1fa0bf30d6649aaeca

SHA512
395de8cf8528edf7c5ee8628f2fcf44df6a388a137087ee842d9cd5fc8e9c8fbc21bc1c2ade99b9069b8d12eda4dca13ba271900806bfbd8268c0721e93c460b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f123c88ad06738b16aa60d4824cfa2a

SHA1
e966f4a5a4fb91acf7142ebac3446590cc3af132

SHA256
8d3072346f2e8ad11860ea183b92f62baa699df9863c1a374b9e8ed5376f98d3

SHA512
82f9977da260358550e1572384fa07df012d95d847c97a5ace0bcabb2f5b5b417baadc0cf5cb62dbd519f40c30f45514ed79a5add16955e126aa229065b50fb6

Download Submit