bf765ae714500856ef5c5e09954bb2c4c70710ae1cc8b5b7e06f252da5075b9d

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 12:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f374d1034f4846eeeda597b40ee0dcdc_JaffaCakes118.html
Size

172KB
MD5

f374d1034f4846eeeda597b40ee0dcdc
SHA1

d55db1417b67f9d1220a9ba825cd5a88fc2c5d55
SHA256

bf765ae714500856ef5c5e09954bb2c4c70710ae1cc8b5b7e06f252da5075b9d
SHA512

da4211be5020766db7bc237d1631d2b80614c18e0a267b4f626eeb26f2e044c5ae78df77a19e85a52311c89d63d70a397a1546e05741260cd4714082b5f1e084
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcL/8HAGYyL79FJcZcXH3Rp:srffLp5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
3544	msedge.exe
3544	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 2044	3544	msedge.exe	85
PID 3544 wrote to memory of 2044	3544	msedge.exe	85
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 1128	3544	msedge.exe	86
PID 3544 wrote to memory of 788	3544	msedge.exe	87
PID 3544 wrote to memory of 788	3544	msedge.exe	87
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88
PID 3544 wrote to memory of 232	3544	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f374d1034f4846eeeda597b40ee0dcdc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc2df546f8,0x7ffc2df54708,0x7ffc2df54718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8375999159197939582,12415902774109682131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c9ed4463371ff22935d953feaff267e

SHA1
9dbb2e3460ea942ae7240a25ce3ce2a3acfa787d

SHA256
daf23d02d1723ebad4d2895bf9e08a7c62c051457ea648e1b0edee7ac0086915

SHA512
270a4ce7b04bc7730c2d178061bfbf1933d943a8207ba98351857b012dd93b98e456d96370533956055f2fd679935d021668ff5ac70037bf8fbcd52ff3ba2f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc715243ab66c0fe28c57a2cd1253653

SHA1
b86c9968f7ede109126e89d411b65d361f772087

SHA256
f35e15858ec24ba8e60ad13e0773540332d643d39ab4b907950e57f95520728c

SHA512
04357faf099c1fd84df9f2e34ad81cc807b7b7fa8ca622c3a096f3628d328684462c05f7f2c13ff46df779dd3adedd2b8176db5e0b5fdf5fa0ef70b3b4436062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
001615cbe0fa1d7e8aa034566e77aa22

SHA1
f4b0a374219e13e7400d124e98fe332cac8768c2

SHA256
fb5d242ca922de4d156a930ba4b2acc6892766f6cf24149bf2de0189af783863

SHA512
311c7b7bcc3b8644f11c0e0d186279102178042227b385bd6c25e3477215bbf07964b306720bed4e56aaf32ea869e20fd99121c7c53da867a244428040d6c5c0

Download Submit