5f82877541e091ce2ae4abb63f27c3060d63edab57552671c249bdff2768086d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10cad9e01782958d57af0b53973a7276_JaffaCakes118.html
Size

214KB
MD5

10cad9e01782958d57af0b53973a7276
SHA1

5761689e94ce346ebd6e2a8ed97a00c2b95f35bb
SHA256

5f82877541e091ce2ae4abb63f27c3060d63edab57552671c249bdff2768086d
SHA512

ee04cbfb1a2041652f41ea83111059d57e3f8285c6361d5406222a39dbbb2e809a3cf8c30211c904556556c40e6000fa94cb5eec80196c3a79520529920fd78f
SSDEEP

3072:erhB9CyHxX7Be7iAvtLPbAwuBNKifXTJeb:mz9VxLY7iAVLTBQJleb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
1976	msedge.exe
1976	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1876	1976	msedge.exe	85
PID 1976 wrote to memory of 1876	1976	msedge.exe	85
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 1532	1976	msedge.exe	88
PID 1976 wrote to memory of 2704	1976	msedge.exe	89
PID 1976 wrote to memory of 2704	1976	msedge.exe	89
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90
PID 1976 wrote to memory of 1356	1976	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10cad9e01782958d57af0b53973a7276_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fe2046f8,0x7ff9fe204708,0x7ff9fe204718
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10346055391236350203,10843004182082093574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77ac8b8342bb59ecabbea6de68e7800d

SHA1
a564b890a067394a3f854481b30be281c9b66262

SHA256
ea163381343810702829eb42310a9292a7ec71586554d74809fb62a50baeb1da

SHA512
93de12f74c353e87a5b500e3146fd8045fb24a549b20ab4b2e567454430b86f4cba8642b8af802ac2fbd8e989b56a35bf285ef0cfecd049e8b43b742d5fce048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33936e3b043cca122f6ec16954d12e8e

SHA1
1012024ccf3f4ab71f73f7c7da6faddb30d437b1

SHA256
3da26f7a9c75ab9b5516d4fe90a3bc6fad125f15eb11bf711bbf96c05f2f907b

SHA512
889200111c973a57e3a7ce023a4d2ce88c346c6c2a641d0de91d6569607d0229fdd42e8aeb67dba51b901c78f7d8eb12aefa97b85f625fcaf147fe2fd8d88c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e03f6ab5329c6b6d42b20bab28d2db99

SHA1
39ef79583d5c1ff4af709c5abe75bdcb554066ee

SHA256
f38cc7fe48cb429646a44bd5ed658071ea3d26c49044693e12eab0edf7f6196c

SHA512
cfbfb488612f83bf092fed798321dbc7d49860f19e205ce2fc4d4ac47386860fe20edeed70f67fc93b19ac2abfa80ec442e2f64f74d921e04314d10f9a28ad22

Download Submit