a3b7c2c0d05b09f19b11bd7ce7e3238ffa999deea3b06ac81209f48b6e7a96c8

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f325bb2c4310a17565480621fd102a00_JaffaCakes118.html
Size

129KB
MD5

f325bb2c4310a17565480621fd102a00
SHA1

3b01f187fc2ca9598606c2272710edcc84beea4e
SHA256

a3b7c2c0d05b09f19b11bd7ce7e3238ffa999deea3b06ac81209f48b6e7a96c8
SHA512

454b4cfd51f41610d1504b0bf1df97911a22cfe7349186cc6f20ea61f029e715fa3fc6844a02d4a77b55fa88f7afaae80a0ea9c6cf8f040a8683b672007e73dd
SSDEEP

1536:S3ejAFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S3RyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
1936	msedge.exe
1936	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1684	1936	msedge.exe	84
PID 1936 wrote to memory of 1684	1936	msedge.exe	84
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 3848	1936	msedge.exe	85
PID 1936 wrote to memory of 2044	1936	msedge.exe	86
PID 1936 wrote to memory of 2044	1936	msedge.exe	86
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87
PID 1936 wrote to memory of 4788	1936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f325bb2c4310a17565480621fd102a00_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c6746f8,0x7ff91c674708,0x7ff91c674718
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,17574994951345242572,16498746884072176783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\431ea49f-34b0-4423-81af-4d61718d99cd.tmp

Filesize
11KB

MD5
b31084fe3820d4e8d51292a6a6c9a489

SHA1
27a43a23eea4afbe749425b104cde16ef27a56cd

SHA256
997b44abbb56494fb00a36d09071e449c0fec00beeaeb91383935b15050ff405

SHA512
07234ec456ecc9da42569d164697dc5ba6a9ac938b583fec4e13fbbe51aa9099f509152b100892ae5fb17b7aa68d77b5cec4b5a54466c9d61b86256811dca08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
931f3380b6f2016f8893c8f554a9954d

SHA1
3e90d5185856d342292e184bb4f55b1894feb8e0

SHA256
8e7a3e05a6900b25a9e27ccee510ecd295b32e38bfdd133c34f8207dc44a0f80

SHA512
ff6306e6c4bbd5521cb4e3976e887a9576801ee9364996b89f66c178a6ec87a11e3d5cde9b7580e949cda71cbd024020824a53ba6401af4d2964a0f680a783b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77dbb2509ce8f774f3c902c1ebfb7562

SHA1
b32e0d012dd3c91f5ba188a40d855dc2be5888cb

SHA256
dbf5ff34faa0fa773b96f1886d36d5d3470a35a9d50b54beff15a93ec4889278

SHA512
7139b8f8c99041bd421873f6ffa3969370a802272ff2a8b81036cf470dcb02feb8875a66690e79dd9ec8c11af74688eed82cecc358931dcb1040acf49cfdf4f1

Download Submit