eae845192c63b5ce9bc962f6dbd54cbd747f97d7f75c6fc068fc807bca68d66f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

024e7866cb38b23ad88878e8d1536681_JaffaCakes118.html
Size

47KB
MD5

024e7866cb38b23ad88878e8d1536681
SHA1

14fffcff122d68c037e8ffd36d71bfcee1b9b995
SHA256

eae845192c63b5ce9bc962f6dbd54cbd747f97d7f75c6fc068fc807bca68d66f
SHA512

23b6370091c72405edc6152210546d4e3be76e578d69dffbdbe38c55b8e73154186612f74dae28a420699b2a21987f27ab0ba20956729fc5a71f0271cf0fcf8f
SSDEEP

768:SWclqPewzNb3enfH2cXTrN6MNb3N37YBeJxAO6RnouKR724VoYInKf3tuseFoyk5:SWclqPewzNb3enfH2cXTrN6MNb3N37Yq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4508	msedge.exe
4508	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4844	4508	msedge.exe	79
PID 4508 wrote to memory of 4844	4508	msedge.exe	79
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 1336	4508	msedge.exe	81
PID 4508 wrote to memory of 4076	4508	msedge.exe	82
PID 4508 wrote to memory of 4076	4508	msedge.exe	82
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83
PID 4508 wrote to memory of 3044	4508	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\024e7866cb38b23ad88878e8d1536681_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa688b46f8,0x7ffa688b4708,0x7ffa688b4718
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1812392667475983292,12898592775242452348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f2bec6ba1cc8ddea0aef7121fd9e004d

SHA1
07875ca6d71895285469846bba45a344dbcb0e01

SHA256
8e554a645e63cd60b6d3eb3a0a1c17c96fa879d53d0eb147bd04fd124ef5e7e1

SHA512
b70a723cf2867ffab4d7cf2cefa99c7aff06236c01f06b4217a3682b1d5780368b84ea963a907cefd22d45dd3cd282405a40deaa9929ca15a9e950aa4aafa27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0376f02b0c2543caba721cab6f35cfc2

SHA1
360523bc7fa33a627c51833f251c4845cee01462

SHA256
a4b2c2d07a8d37a7d6f60dfb37623a28315717c330d14830ebc85f9f28432202

SHA512
cc7604006eedcb443e937e12950c1373a061f015e277f435269063f7ed5acf83b4874d5b6aa5bf69da3ffea204bcd1f66b92eadad5cf9251603698103ecdae9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50f23d390bfb68223d84b11b6b5cff0b

SHA1
433be9790a76f8e0030bf7cd53a5f4c7090e347e

SHA256
5daf03e0b31cef2126d5de25df2a9301f42d338833bfb159d9dfc5ed78f5f684

SHA512
d1e3de67f71d9af4407af916e2a5a92e0382007bf8e66a99b020af38a18731544641c16a06a3f6d2fb2a25537a5197806a467d6e7cdf99fe340cfeef09bd8be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7bf94c86cc574370690f4244117c58b

SHA1
066c43178f116b92efa3bc7f99fcc0e5114f9d88

SHA256
c15a15fd84a6d882ba76319ecd0b2749e8e272cc997d3dba4338a1a6027b1a95

SHA512
e531efd183296f1de15de256e97a58ad948d5264eae3e2dcc26ace7b2b3e60297beaafa3e5e5541934c8abb5db7aec65fe862360bda3a8bd07f381a392352114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
68665bcf36bc386b9a975110084e7267

SHA1
d3e42cb0a8f4adb71b345cdf4a27611bff8c5471

SHA256
1fa5cee3bd16360e0748e01a3286fe28bb0626be675983fb1db6f5284e89f897

SHA512
8afb06c6a20ef54740b35aee0a58a0bbdb6cf66ae45e4b22ad7b7eee2e2b36448e88186fef1f81c9c1a593a6a775490114d0efcd128a49888ad2d5588ab31d3f

Download Submit