cdcf8dd36d76897dd6cd895663e3987396ebf5b34cda0991d8926ab7d7b77937

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00133fc826517d21547b93a2eef29f05_JaffaCakes118.html
Size

20KB
MD5

00133fc826517d21547b93a2eef29f05
SHA1

2c32e15905b0f3bb89ed4b525c191a7b2753785e
SHA256

cdcf8dd36d76897dd6cd895663e3987396ebf5b34cda0991d8926ab7d7b77937
SHA512

15eed8e2d666521d6e82d1ab566fb740d578298f099446952418b489e40cfb55755aadb40e8d81d92614c6b25d1ea4397d240150fd84420f4451e2cf5b8393ea
SSDEEP

384:HedDnWUy2Zfb50/eDVMZF78c5IdmeTof8NUX0R6PjRCb3mlWEuu:+dty2t502D2ZF78c5IdmeTofFM3mlWEF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
944	msedge.exe
944	msedge.exe
1508	identity_helper.exe
1508	identity_helper.exe
6048	msedge.exe
6048	msedge.exe
6048	msedge.exe
6048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 2548	944	msedge.exe	85
PID 944 wrote to memory of 2548	944	msedge.exe	85
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 4516	944	msedge.exe	86
PID 944 wrote to memory of 736	944	msedge.exe	87
PID 944 wrote to memory of 736	944	msedge.exe	87
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88
PID 944 wrote to memory of 5048	944	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00133fc826517d21547b93a2eef29f05_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffde1ca46f8,0x7ffde1ca4708,0x7ffde1ca4718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1584102044724085021,7741088551162573851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c636659a1f8253d7745ed05b8bd12bf1

SHA1
139a386c7b0e85f530d91dbfe3b1fa3b14523d7f

SHA256
2e7a3843f5492c08fb51af62c0004267a9bdc368ac91aa4b63d8bce72df97272

SHA512
1d391e5c842ffd744cf1ba257f3e02c9f1ac5f078fe5a49549bb722b7e3c1cf7422952b610d3b943f7cf6c7bb661d5d564d5d0dd1d8ba17cb3d48d7d6c107002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bee6182c862caf7533770cd0be567aa4

SHA1
0fa06a3c45cc1ceee06afee10ae9a578537e3346

SHA256
12d1083c288b62fee37f4ed777553f1e36d381bdd4cc1615a1b49c97f2b8e421

SHA512
b28290f0b28e1c3e6f68818dda799c48496f2e25fbf279faee91ff2c6a0828149017e75da693e1e13514f1f9eae230b3aa2bccf906501670ff9366c9c16459b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
995bde178abed7b8bd7652977febee0c

SHA1
2965257817c44b6e138bbbacf0b78c0d98217c5c

SHA256
269f42271d92817bd4d2778ff4f18f30448a86bd6f7f90f222e6d5cdc36b45b5

SHA512
8d24896098d6e87bad02e2c090f4fdc35e8b34752b77021fb97d22893fe734819188cf81f18486dbfdeba08e85dc52b5cca529d78d7daefc249612281ef55525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
434da895be1963e31c63e37189de29a3

SHA1
e2dbd02a985ac1bbf51df6dd2850325124b1737f

SHA256
891cfd961c23f933480321591736ff54cd8a5d464710911af721d026795e21d9

SHA512
a0c15598e1f8cdf92af3c4abff35b4004ced10831d4893b08127385a415f426265ac22e8504dfc1adba48f48d4bf8c2c626fe97a94f81ef3b4cf774431c838a9

Download Submit