8eb51259897bff900037a70b09e6cdf5b473cd6ff4e95521c235f79018b950f1

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0016c3fae5a782d94e5dab725dcb1231_JaffaCakes118.html
Size

36KB
MD5

0016c3fae5a782d94e5dab725dcb1231
SHA1

b0f5133737b278a62b9e7fc6bdc8a33a97884b17
SHA256

8eb51259897bff900037a70b09e6cdf5b473cd6ff4e95521c235f79018b950f1
SHA512

709fbfc1ce2fb0e957db3731389b006a71946361af9789ee777b801491af8563513af7db435bc8a650ca27c3e435ee76efcc2357f970205653af18142b86c116
SSDEEP

768:1PQblHQov4HhJrlYnTw18Q31Nmfm0wfK/tlxG/tfP:pQb1QovGJr+cR3Wfm00K/tlxG/tfP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
3924	msedge.exe
3924	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 556	3924	msedge.exe	85
PID 3924 wrote to memory of 556	3924	msedge.exe	85
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4512	3924	msedge.exe	86
PID 3924 wrote to memory of 4884	3924	msedge.exe	87
PID 3924 wrote to memory of 4884	3924	msedge.exe	87
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88
PID 3924 wrote to memory of 2324	3924	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0016c3fae5a782d94e5dab725dcb1231_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11028897142459610933,14811060107703409515,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
100dcf1b406f33ceca508a777337c5f2

SHA1
8d8969030fa75cd874df4c8b0cd731d9b8eede06

SHA256
93e3fb45b0f83259fbf8e46633e6cd7166fabeb8f71225ffc3451ae461da3b97

SHA512
379d9810607008e3fc0f6ea57c43d3b726ac364a2b2a794dbef2c5e78819d02302a2a830fe8faa5b6d9df34c41febcdf60141a99329109fa63723583a3dfaacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7d3edad2587975633a75a51fa911a0b

SHA1
fca40dfb38d5860a3d0a545ad350abe268db942f

SHA256
f3afdd427ef0e55cc0f848a79eef43657e1f6d7f201307722aebce9d8ccd4d05

SHA512
6cbf70d24b29a7d7e6e085d71010895f22787e06c93a9ab15df04d887c62c641a3264d278d40d8345e26f03610ed50e51a7037584360392454f009597a1fbbc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bbd238f7a6e8692e5acf41768e55ab1

SHA1
ded0a65de8f46794540739b5dffcdf0a5ed9c96b

SHA256
10559d18dc71eef51e4822734fa56b3804959475d2c5322300e521fbfbafd4d5

SHA512
eb6f6b8a6be59d959d0338a50b447d4108173043f25874f93f764fe3555a16e4ae8acfeccba2310e2fe991fd9ca219a7bc5b2cb9cd831322876363307f72c65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7272eda8feedeb0828197176f5b1c588

SHA1
6158ffee4dfb2a411355d36a75647d6946d75820

SHA256
d44c027529c22cf473ece74b4d79c1e751be09194d150f16994cd36c2056041c

SHA512
c4cce865a8776aff98c97c08c622dc7687dce5584ba4f8788e8dfb2c1566cacc5f81ec16dcbc01354bbe3b0e40a12603902f638cbcbd8c8d004c5d2a950cea53

Download Submit