60a0f9f99920cb4082dbb8dbff4c397b4eceb823f6eb213241943e96a038ef51

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66866c7073393761e030b78424818106_JaffaCakes118.html
Size

121KB
MD5

66866c7073393761e030b78424818106
SHA1

45d23607e0ae3b827e93940f58b7a33967238634
SHA256

60a0f9f99920cb4082dbb8dbff4c397b4eceb823f6eb213241943e96a038ef51
SHA512

1c2f0d5f79b6adbafead5673a7830c4337c64097541511a9541d0dc1f623a0538887c3a85e727b7900d58d501164c095a69d074067512e0713814532b4db6612
SSDEEP

1536:G8Vlxwv2vOLrjoBKhncj7sYUZqO7slLzwOD:dTw+vEYzN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
1448	msedge.exe
1448	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1832	1448	msedge.exe	84
PID 1448 wrote to memory of 1832	1448	msedge.exe	84
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 776	1448	msedge.exe	85
PID 1448 wrote to memory of 440	1448	msedge.exe	86
PID 1448 wrote to memory of 440	1448	msedge.exe	86
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87
PID 1448 wrote to memory of 2416	1448	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66866c7073393761e030b78424818106_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b81046f8,0x7ff9b8104708,0x7ff9b8104718
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5599742242365141729,13842273747758004622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a490486031f3c55b0b325f1c6f919319

SHA1
d0fdef244f79ad19fd0d17eb1a649a2053bae935

SHA256
d351abbeb13b15e3ff1e94397fb675724bf6c4aca59aa6ae98065f6c914fb50b

SHA512
eb28eee89ef6fe2df0d91895ce60b7a816367e310b835ab021c32555e07f28198d8fb3a5e1355f724d6b3a974f28e82eca84fcd2340dc270d7d575bd9229ef2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11ccd48b0ef1c44da1bef502909f8e26

SHA1
2946afa259ff755bbe37727978ac884f9c3fef87

SHA256
21d006a91ed18e40266e22807f99c6ce479305c55513c0a98734c0a155bb2110

SHA512
785535938c691fd3a5499d0268998c71424dcb8a411b8ef32f85569c7bd41fb57c29b0bb73afab9aab9a1b9bee95bf1274122459569d97e18b28798c90e6d62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
29304651c2111f387742f7bcf4cc54fb

SHA1
2f44f650793a17addcf5d6c699bc8d4941cb8eb3

SHA256
e2cce72c9c017adbcee1e3571996db7febacd90b0b6a3d5ce6f37bca65c06d65

SHA512
65949529965a2cd07799fcf23c0a194abcefc643fc6953dc4a44775816f387bff9191de7bf68cdaf32abee5c95cf3a0e4ad768a9ea29a7b9e7e701bc2a6b862f

Download Submit