e402d75382e98de4d78793fec95d7e64228c40eaf7a98b4bd10d85b45ed81043

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 03:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c982f9e70f312be177c7d5706fbc000c_JaffaCakes118.html
Size

182KB
MD5

c982f9e70f312be177c7d5706fbc000c
SHA1

01d3d6b0bc3bc54214be7b22def2fad5709188a2
SHA256

e402d75382e98de4d78793fec95d7e64228c40eaf7a98b4bd10d85b45ed81043
SHA512

7f1971dfd76923b60d504aa80b1fa9962542630e391a578089d491e0c5327e634615c74a692bcda52d2d46d217f6a8cf6755ee640cdbff803bd3fcf3f2b1f764
SSDEEP

3072:7aCNHIECyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:7aCNHIEHsMYod+X3oI+Yn86/U9jFiM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
2304	msedge.exe
2304	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3408	2304	msedge.exe	84
PID 2304 wrote to memory of 3408	2304	msedge.exe	84
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 2880	2304	msedge.exe	85
PID 2304 wrote to memory of 4976	2304	msedge.exe	86
PID 2304 wrote to memory of 4976	2304	msedge.exe	86
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87
PID 2304 wrote to memory of 3976	2304	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c982f9e70f312be177c7d5706fbc000c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd4fb46f8,0x7fffd4fb4708,0x7fffd4fb4718
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7409006718761259354,18256751873218155513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9087bef4948083323cca4744fe1a17e2

SHA1
734a2c883e5eebcfc5a772bc1fb3656b5a951c27

SHA256
73861e8570d05a9742f51b9d4d893a0da9ad6cee9098733f323adf8744758c92

SHA512
4791884fcf93e46a852fdcaba93609c03a474cf603b5fbfed20909e42b764726611a25b23094eb1e4cafb2b3c40b4114e73856382a7a52a33a65a92d8a8dcec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a172de0c0f6c7256caeea44e60fc08a5

SHA1
c58a2345f0bb61322d2aa7b946168ae8be7cc469

SHA256
86ffa61c65fd87a0dc216877136b6e5125149a0b6a21be8ef983486a12b0872c

SHA512
942a3b23909690a8143fc1ed47303e5aeecd8bf587e35504a0cb0d0634c1596b70c564e9944994427a3048ccda5b81f12f248ae178b7df399c887edbba3fbee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c282c7b2e548425ee23e0c164e8621ca

SHA1
eff7f074858e73364ebd26a7dceda66c0e0beec9

SHA256
74021fbdefc25cfdce9dae32b9f3e8ed64c29b6180f784f27e3fc8cccbae9cda

SHA512
878952ce27a2f4d3166e3a1b1effc5e1c9c0b45a47ab24de67062c255ee9e6b145eb7e7fb27c546fca4906cdeeea325596226392f9567ead3475d8e7709db62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc164f167abb44511065aae6e06a4f36

SHA1
bc20388890590b9407cde08001966590d36f9a0c

SHA256
f99266c21f74b31df573a46d9b5770b6b2f3f7496cac6e7ae0890676d3128954

SHA512
37e3a0669bfd4b050ff88225f8645d84ce28f520b69308cb29ac19591cceec7c3102fd69883a7fadabb75638de132b17a1aa99e4323273c7be6fb61cfaafe45b

Download Submit