e945d0efc89cf3ebc0eef2accd82c196fbb751fca8ae05e02cad7bce29979611

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
Size

36KB
MD5

09b9c10db614542604b9c010b3dac2c0
SHA1

658bdf1144ca5e0548a0b18821b3363e62a1644f
SHA256

e945d0efc89cf3ebc0eef2accd82c196fbb751fca8ae05e02cad7bce29979611
SHA512

57de9a79a03d90cc4e4147f1a4ec5b3b1e768a05f5c2dc019b3131d2f39fe21af914ce5fc31cf2dbd062ca7c28ec927997e4ff376597523b492c8880e2a8bba7
SSDEEP

768:zwx/MDTHWI88hARqZPXBE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6T+ZOk6u3l56lLRx:Q/3bJxNVAufSI/t8+K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
832	msedge.exe
832	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 740	832	msedge.exe	81
PID 832 wrote to memory of 740	832	msedge.exe	81
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 2576	832	msedge.exe	82
PID 832 wrote to memory of 1192	832	msedge.exe	83
PID 832 wrote to memory of 1192	832	msedge.exe	83
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84
PID 832 wrote to memory of 1568	832	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\09b9c10db614542604b9c010b3dac2c0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d84718
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9309822144983614317,16082681831422467025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
b1ed6b0bce4dbb21754fa7f391eda305

SHA1
e6954a74a64e667b2b6b9f16d26973cb6d5eaffc

SHA256
990abaad88da6dc6b06bb0fb3f31460ccc89fcdc10bc469ace2766af632b89c1

SHA512
26f45b12d709bbfe5857f670bd47d9c50475b1da2285a7772be35e1e50e10d6aeaeec8708913216b8e4f3396cb590305b7c11744433b075b26e4c51fa8b170b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb835e0520229b87bf31cad0dc703829

SHA1
608f7f6531c63c00175bebc6c696bc9143fd2819

SHA256
4ed531c8c39ae41ea184b089f200ccd04e3af19560f4db00a62bcbeb0d83cf21

SHA512
87aa021c216c76197a5d9ce8d2139f98ec7023ac0ead1f70fd76baf6b81de2eb60e2471c12f095cd8ef7117539ad5db53167266cdd239936419d47dfae6a167e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd19289549b219f32bc8c5378a0035d3

SHA1
501f14d143b7f17082bb79dc72fd3f507a5f91ba

SHA256
f53f5ea17c434befb8a805267fb352521a7cac2c23c86d124488aa51e2a67c63

SHA512
9bdff3c189f032a085fd6c313a6fbd804daebd20df8ea0741d3e9d817ba6a98de41fd0fb7f807c8903a8e53f682f71a66408bd9e7024d3ec15490ecf0da7d71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac8a42939096e1b8151b8d67ea42779e

SHA1
bf59c2d844cdf8801da5a32f52bb81604854c64f

SHA256
15400f3c76b94d8d1e85f54dab9f8294a7ec72a2c402c898df5d40b4e6f69e44

SHA512
11971fa92658a1ec15243ccf92ad7131cfadf543c6d00b9e47b0d1aa0170dd21cd8a0891892e690988b59b1557e42e6def1e7665e067acac4253204641be0e97

Download Submit