e01b517c885b54227084ef2cbc60e72ec85a67e3c8c7a7eea1b8b71ef825b998

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
Size

53KB
MD5

f5e238523e781005effdcb0e27218b8f
SHA1

394aab32f80d6478076402f2b7d54d6f13aca7e9
SHA256

e01b517c885b54227084ef2cbc60e72ec85a67e3c8c7a7eea1b8b71ef825b998
SHA512

db998518e5d7cfa56cf23a7d076e42182865db1c9f8e84bccf209d7178317de1896d8d482252fe4393e42c407fa699bbb8067fc0672d976939cd8a8ec5b06bb1
SSDEEP

1536:9kgUiIakTqGivi+PyUprunlY863Nj+q5VyvR0w2AzTICbbnoB/t9M/dNwIUTDmDi:9kgUiIakTqGivi+PyUprunlY863Nj+qx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
2132	msedge.exe
2132	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 4352	2132	msedge.exe	85
PID 2132 wrote to memory of 4352	2132	msedge.exe	85
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 2956	2132	msedge.exe	86
PID 2132 wrote to memory of 4904	2132	msedge.exe	87
PID 2132 wrote to memory of 4904	2132	msedge.exe	87
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88
PID 2132 wrote to memory of 4908	2132	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5e238523e781005effdcb0e27218b8f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16702153320917671238,13556230095824199688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
601B

MD5
e546622dce6a9ad9b56184cf50c4046f

SHA1
228d13e5525e087ff96b3ed4bda1946bd910a144

SHA256
4561a42f5eb70a4a7b62f5b17231bc61466f82052b214fc77f6a637ba4187ef4

SHA512
185569bfd4ec7c17abf9c3372c854f79bd505e19fab9c6e87c9311a68f61dcd0aaa271381ca6767de53c56b7f7faf772776457468585523d71adebdc77338356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
570B

MD5
f05dd25fa6f86747088e819ef0516969

SHA1
7beedf24769b3b486b5a3f912423504ad1f60d58

SHA256
60be46778c97c32529c8bf57e09633911244bddb0d4bc8d70a5e94e6431bac25

SHA512
a223ef659064b3be3ffbe392d66aa5d54e7fadb15eb7e65e85489d10d262ccba3931e9e32707db3e1e47944854bbd40726336fc80f3992ee8cce32f36b86bf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d750db96981893fc557811651974129a

SHA1
36a5826a864aa77f33bc8c0345f7e31fe75c505f

SHA256
5f70164ef09bbaf41db3139b8c6b3b7126c2c92529372dfe34ec676b031f8fcd

SHA512
a10fc1853f4b04f6f93c8b681257238c01f4e9f97f282c197c3cd16106e2a684927455564fb9f09d6c12bc59c1370906641c6786519332adb90615f1c1d1de95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80d60a5d0a31c87230e61a9ae27fe882

SHA1
c83c47f33ca28357a0efef2e95e9ac55306083fd

SHA256
e58c383a6d83c94b4f1f8b6c5bd3a5f593867b805eedaf7ba8d6a60b3dfab812

SHA512
878c4af2445253f92adb9d3257d54541feddb8dad9d744daf5c3df6838211d828a609a9f73735a1d3beac8863700808015efe554bbaaa3b793f839f8367f2ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
722a50c9506f248b88ef858b90dfe2d4

SHA1
4cbc5d8a0ee8efbf5be5ffc947bfda1a321ee3a7

SHA256
1871b70520f87fbc07bbd5cc54b3dcf1c1b6e80288a5124129b2c6c136570513

SHA512
e7be0abf91b4eecb6acc31c68d2a8644f1c86dda90548be8685937e2f59be03594500426a3473fa6c0e4962ab08bae425fd22600ca4664349778136120c0a1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f286848a0c1d3e90c90167eb0c247ab

SHA1
ec60804488444e7dd85885d22c3be8b0721f3fdd

SHA256
d30f228a2f3f56fc334ce34fcdbee82142f7e921d1aa93a13453883ec4c00cfe

SHA512
847a7ad24526fa64de3450f06e98f8e0d78017b2995afac8e3937c473683c8da37b7a903c3ec1367c44fa34e8bcc7503a4cbc7b5956000885834301fa89b701d

Download Submit