e9bdab075c17224a152db99b4e4a773323f4126f888679a04c33bc565502db5f

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f801585b49198b64d2b0d0e99155d342_JaffaCakes118.html
Size

11KB
MD5

f801585b49198b64d2b0d0e99155d342
SHA1

860d30135927dfb0f9777740065b2537c1de2289
SHA256

e9bdab075c17224a152db99b4e4a773323f4126f888679a04c33bc565502db5f
SHA512

4c0d45f25529c57638e7bdc21ded101e0ffe07ae65ce747bd10be33a81b49c8b05aef86337740c9c252a6641af8f7025bc4ec515c82316969be1b8a0a2b05c0d
SSDEEP

192:2ValIsr0r57M9xuT8H/w1wvqa18LOXuBuLbdU8d:salIcIQ9xf/gg8LOXguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
3596	msedge.exe
3596	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 1268	3596	msedge.exe	83
PID 3596 wrote to memory of 1268	3596	msedge.exe	83
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 3952	3596	msedge.exe	85
PID 3596 wrote to memory of 1048	3596	msedge.exe	86
PID 3596 wrote to memory of 1048	3596	msedge.exe	86
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87
PID 3596 wrote to memory of 1500	3596	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f801585b49198b64d2b0d0e99155d342_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffdc73e46f8,0x7ffdc73e4708,0x7ffdc73e4718
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,11538497798414124947,407787956408937335,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
cf8725acd8650e1640f7d67a6399e9f2

SHA1
45d9f9996f8568ce7a4e76e2e214ead6461e33eb

SHA256
8e6d033e5806695e18970c3982114869aa6092e1740e20da7149200d87d85fc3

SHA512
696a4e8126c988f349bf89f6f4fb739829e481cc3374dfe4409fd27162580f46f61501e7a635f5cca136a0e29c8f8c6504b28a13f2afb3fa0c588b08059bfbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
759d98ca5a5aaa4a52199a8981b8feca

SHA1
f134e7e9cd76f8ea2c58a4323e24e09817989b79

SHA256
1d537670486799a5200e04bdbe46428c9945365afc6dd434c9a1744b5b251d4b

SHA512
76085250879f96d9234ccb099a3f3e3345321e51cdf7c685cda20a16d19486ce6c33a322dbc98085c044e33c78a0c41800b7522ddc125aaf62f3965e2f967581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
573ed9aa9464bbca7cf70a25683b2776

SHA1
c4d1be891205c9c36a1c2cfd3509d29501cc8f41

SHA256
29654b53b58a14c3a81f6a393c3a8f23bc3cdb579c5fd446869f04221b6cd436

SHA512
7d7e83d36bac4cc172eee5cce3cc0b256da512fb4741d244c9a042d3cfac418fdf8156c7a312a46b52544a622e3bc00969f07aaa173c023ee1c3a1fdf7bdfcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3f29ed00bb1f917f9ac721c6314cba9

SHA1
61c17a08c8d6f62213a4f2c6faf017cea4ce53bf

SHA256
ac445fd2b145b5879c2c636c1a40efeebf0759f7b8bc97c37d798a8020259105

SHA512
16c85e0a195665541ac2ae011044f38a2414ef1f98e30d6bcaf3faee34df000831a21c19c78f7af6b777404cf2fb208ea8bcfdf2db0a68b97c009cffc4b3f722

Download Submit