d549e00355e11efac7b6c063ad9f2d923d9635f543ab70e3f901eafbdcc728d6

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1338ad3af2f5bcd2dd6bdfec1ed9d60c_JaffaCakes118.html
Size

141KB
MD5

1338ad3af2f5bcd2dd6bdfec1ed9d60c
SHA1

a1b385440a260c9468565c32c8d2cf5517bb0979
SHA256

d549e00355e11efac7b6c063ad9f2d923d9635f543ab70e3f901eafbdcc728d6
SHA512

bafa793963ef217dbb88c86365684128584f7b5c3923be27ceb9835cd845f6996fe0112372be501cced80310375e1a38f1a4739560b514fc5db11e6dcf74c139
SSDEEP

3072:S9YZjGwJ+fxjA32xEi3NWtkGJa/8/sMPJAv5qJluAJobvxVt:S91fxjA32xEi3NWtkGJa/8/sMPJAv5qu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1632	msedge.exe
1632	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2896	1632	msedge.exe	84
PID 1632 wrote to memory of 2896	1632	msedge.exe	84
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 4800	1632	msedge.exe	85
PID 1632 wrote to memory of 1540	1632	msedge.exe	86
PID 1632 wrote to memory of 1540	1632	msedge.exe	86
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87
PID 1632 wrote to memory of 3132	1632	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1338ad3af2f5bcd2dd6bdfec1ed9d60c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda12646f8,0x7ffda1264708,0x7ffda1264718
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4651074201539254926,4247170339039744134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
08e725bfb61ab27e1aff8f08e83bd884

SHA1
00e525d6639ceb60476909823b6cb0983adb17f6

SHA256
d06f43c10ffa1604f786ee621e047cf3f4f05ce8978eaa580d90104a0f84843b

SHA512
733f33640e474c465b6ed1d82257db7547aca876675a31b2f3a0949cff7d91c96779f39f2d8cc423821766406812a475ac259ef2714da791ce6f22eec7d45f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6c8e9d5bf0612e9d7b1a0c2a723ea11e

SHA1
18f5f2c7e58efbd8903d6a337a669156cf05588b

SHA256
6915fc34e45853e816aa351408317b1f3defd58dc7325c05af2b0a6630071273

SHA512
b951d2dbcb43b7be8c54969d313382e1f9c3bbeae72babe3ddbfa91495a1ce23a7de65b91f81ee96b42a64ae29f3c6ce7471a0dfc0b48ec6b5c0b437d61c9cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a1c0fe14a32c2bf4b1383c13f6fc0cc

SHA1
f758d61476c3058374fa12a49159c7a336ded1ba

SHA256
1eaaf8cd74984aad4863b3add09b7ca01586f916474b07b4344125bf91079e16

SHA512
3e50ebd3adb1e72b3d5dffab14483f2753b74d2d53b4d022591f1f1bf76eaab4a3c3e673a08ab471d66c612fc3f5d9f574279701899caa566ea7748c166788cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
455e5e6644418fbf9e6746640067ceee

SHA1
feba043e6f6a15a844868183ca51a61fb219ee8f

SHA256
3250aa487e73e3ed5300e815e48987b75b9c6e624af25e23ec923fb0425a592c

SHA512
1cc996468f55f659471b33e8538205db3fc8ee8dfe74c5af0ccc9e11fa842cb275e59b6bdd973e0085777081fc7277386c7e877ee34e4487a09bd98a4a83118f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a6f96525f3a06a2184b0ea71eeaa8bb

SHA1
3102a25f91ec99d28ba83c125eefa8c1735ce26e

SHA256
a32792b11af372795d390451108598e528ef873e806e5f8804759a3bd9fde4f4

SHA512
3ca3ef9853b2b69d241b73f083b1e5c9ddec2a158d6570c5cf6c0bfefaea328345ef1ff935871a26dddc571b876afb176a863a4e37dfc4b29748167f22d704d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5f63490e76051e2393e90e56297a24f

SHA1
c2018b4272ca9605d4b5d788242ee3a43fa5e255

SHA256
860125f611ec5658abce5018d29529be7aac38dfe604c77e3506ae322807f212

SHA512
dbc2e6465b4dad470ac7d1c20a59871df1cb2897aaf0620ed6575ba009b7c7ef3532cda37ae0333278c14883ae131f9052ed5b6eb32aa190d4ad1e2f0393b472

Download Submit