d9dea82730a59eaeab67a40de7ef8b0c4e5cef53d3a59c6ab0d81562a2200d6e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cd5d2679eea8db4ab6b7a3e651fdfb0_JaffaCakes118.html
Size

172KB
MD5

0cd5d2679eea8db4ab6b7a3e651fdfb0
SHA1

6e144975cc3ce969bb2b2695ea715ffa0afb0221
SHA256

d9dea82730a59eaeab67a40de7ef8b0c4e5cef53d3a59c6ab0d81562a2200d6e
SHA512

a2f6728c43bba8df6f40d4d7e56fac6c974f62371d91e16e316274216e791dc4f3aec024deef3c617dfde24c366f9b03e4d54110456b543d21d6ee46235b3776
SSDEEP

3072:SPNJhoYbZqyfkMY+BES09JXAnyrZalI+YQ:SPThosZPsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
1660	msedge.exe
1660	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3676	1660	msedge.exe	84
PID 1660 wrote to memory of 3676	1660	msedge.exe	84
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 1380	1660	msedge.exe	85
PID 1660 wrote to memory of 3304	1660	msedge.exe	86
PID 1660 wrote to memory of 3304	1660	msedge.exe	86
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87
PID 1660 wrote to memory of 3644	1660	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0cd5d2679eea8db4ab6b7a3e651fdfb0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6d6446f8,0x7fff6d644708,0x7fff6d644718
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2235744156404801414,13257585234330143594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\00a8b54a-9ca7-4f97-aa2d-6a75ee61f4a9.tmp

Filesize
6KB

MD5
d1e90347b843ef646760457a13291cbc

SHA1
e557a111e047d771391b836a39050f6b987fe38f

SHA256
2057308e860ea7e897e3d27666f9b0ce0e05381ef2879ef89dd0ebed476c3c61

SHA512
f8d84c51b623d0ab051ce51f6918455b04bdd393f7450d2cb6b50dc9e8dab3d02a4c6209c9615cf376cdc178cbe65205fe12a58160969ac39e3aa409914251ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
340c1d218ea8d7a4766c99a4f32fc23b

SHA1
fd778e93e571828d24ee127e16d5e36d6b345ada

SHA256
244234919644f92176ae8b04945b5f485aed6028dfbd13ccf6b3b6ef1d97dbdb

SHA512
21dc3715e17d508f24a8326de7aef85a23168ebf828b1870af8e552f2ba4fd96cad805303472b76e83c533607f6e76f8a22b996033eb93e0b9b754ebf9d0b517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f9b6584de7929aaa51379f54e2caa48

SHA1
f2c318e2f16a043fed3d0dbaf4646f3d354ee804

SHA256
9cabf842a1cb856e513298420d523698e7d56418fa7476cf88f192c84ca580dd

SHA512
35ff63bd6294c11c85fa71b61704f8065f62e5fb04a066b1436c77f5544f94103a683048d3afcdf5a331b5bbe7f0e7e6be90bff71526c72604b866068d129d1a

Download Submit