0ce50b3afce03f581332cc5272d021fac55f5a1d0a90593ef877ab1190c0e064

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15713660fe77bc52aee51388fed7355c_JaffaCakes118.html
Size

42KB
MD5

15713660fe77bc52aee51388fed7355c
SHA1

5db45b6f4a50c05ec05a37ee85203ad80c08a5dc
SHA256

0ce50b3afce03f581332cc5272d021fac55f5a1d0a90593ef877ab1190c0e064
SHA512

70be4d59d015bebe39e134b7253dcb01ce3712e837463f9ad81a682fd0a451042b31f832c3ae229bf700ed7101b422ad4359116ad6cdb0a2e65f70941dbcfedc
SSDEEP

768:A2riI9qTzj2G2riINAJ/FD9TSq8PeBzFJExak1NxPeBzFJExak1Nxzav/hw9oldj:A2GMqTzjx2GZgPeBz3Exak1NxPeBz3Em

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
2740	msedge.exe
2740	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2964	2740	msedge.exe	83
PID 2740 wrote to memory of 2964	2740	msedge.exe	83
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 1028	2740	msedge.exe	84
PID 2740 wrote to memory of 4880	2740	msedge.exe	85
PID 2740 wrote to memory of 4880	2740	msedge.exe	85
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86
PID 2740 wrote to memory of 848	2740	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15713660fe77bc52aee51388fed7355c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61f746f8,0x7fff61f74708,0x7fff61f74718
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9695934784488406218,732750191725105241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
32KB

MD5
bf899cc5ba60c522341e4d712a5246bf

SHA1
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a

SHA256
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

SHA512
05a5de1ea4be9424070376fcc53916ab8bae10c239a5d1ed2c533b889b067daae83e9d8386ce0390adcd9ced1c14a436eaa7f19287f23bba8273afce87ce9968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
598B

MD5
6c1bceb26ebd1236acc397a7bc3ceb1b

SHA1
a7b227b15b67965d9816d5d953a0bfd79a9c663a

SHA256
80e1f66a3fc35c5085f6c885d912487762b99cbfcedd3c5b818c2e8220bced38

SHA512
21d0f4018090a8f96d1aa96116a968e727a254960b19442b5cc5892bf118e984d7c317badcc43e869f134677b5690d3f069f83cd09a7967e4dc62fc531420ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
567B

MD5
6c38de0aab6a0101bd377324bc37da91

SHA1
659924f350c76742c14ba7adb6999f3d58e59ffe

SHA256
536db3fbdd38377229a3394d04cf668302340cce8b2e2779534908f611170f98

SHA512
dc24c2bc8deb2ec21adcbd047b27deb8ddf7944883ca07d88265cc902d5c9fd4dd3a1312a8eee7b9ff49c1c40e3fb9d3bc82ce3ab4345d21476197087ceba739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c7fcc97c2fc2b62d87b14500907cdca

SHA1
98de2e6c294948ba61d0e9bdf73a0b948b01ab8b

SHA256
5f1121499b5624480a21189c4398b86c2958e1784d1373eea9b4cd8b8b70a8a8

SHA512
8c9383c0a6daac4f2045745d2384bdcdf74e8e590326360c2db5bcdf7fa82e2f799db75275b9da8a72524fdaba2f6e72042e69d7e13849fbcf1b41eeabd9bb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5999670e2c95398688c84b384007f15

SHA1
27aad6fdcfb6f2744dd0367418aa801cb9c95333

SHA256
58f04504a6cb89e0bfd079d9451845645da2a5da558e71d9db4434a312d2fc1c

SHA512
51f3405aa3f10516ee2b887ed70d2046a5018e513d454c4490e77872333a862cb6b9efcdbb7dfbfaf65be61dd1373c6bc5abc5bb58b415745aed8872e1dab3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52eba29a967c8c26365d61d396031444

SHA1
918dce017d74ba99e648cea397ee938313c1a311

SHA256
6da7deb6bc7f483b765b610697a9f8a3d6d018d746fba410599e618eb3b237b0

SHA512
58ab5b22b160b15bf0c473f2576dfdcc002ea64ae84eca55ce006aa9e014aebff023ca779ed74740f088c61e2381f2d641b7bc26bece7ce0375804997b79c3a1

Download Submit